{"id":"CVE-2016-7099","details":"The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.","modified":"2026-04-16T06:20:26.230513540Z","published":"2016-10-10T16:59:01.277Z","related":["SUSE-SU-2016:2470-1","SUSE-SU-2016:2470-2","SUSE-SU-2019:14246-1","openSUSE-SU-2024:10247-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0002.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/93191"},{"type":"FIX","url":"https://github.com/nodejs/node/commit/743f0c916469f3129dfae406fa104dc46782e20b"},{"type":"FIX","url":"https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nodejs/node","events":[{"introduced":"0"},{"last_affected":"163ca274230fce536afe76c64676c332693ad7c1"},{"introduced":"0"},{"last_affected":"c274d1643589bf104122674a8c3fd147527a667d"},{"introduced":"0"},{"last_affected":"1e0de9c426e07a260bbec2d2196c2d2db8eb8886"},{"introduced":"0"},{"last_affected":"d4982f6f5e4a9a703127489a553b8d782997ea43"},{"introduced":"0"},{"last_affected":"9712aa9f76073c30850b20a188b1ed12ffb74d17"},{"introduced":"0"},{"last_affected":"deeaf8fab978e3cadb364e46fb32dafdebe5f095"},{"introduced":"0"},{"last_affected":"5deb1672f2b5794f8be19498a425ea4dc0b0711f"},{"introduced":"0"},{"last_affected":"d2fdae197ac542f686ee06835d1153dd43b862e5"},{"introduced":"0"},{"last_affected":"30d9e9fdd9d4c33d3d95a129d021cd8b5b91eddb"},{"introduced":"0"},{"last_affected":"878ffdbe6a8eac918ef3a7f13925681c3778060b"},{"introduced":"0"},{"last_affected":"25e51c396aa23018603baae2b1d9390f5d9db496"},{"introduced":"0"},{"last_affected":"d9d5bc465450ae5d60da32e9ffcf71c2767f1fad"},{"introduced":"0"},{"last_affected":"a088cf4f930d3928c97d239adf950ab43e7794aa"},{"introduced":"0"},{"last_affected":"e32660a984427d46af6a144983cf7b8045b7299c"},{"introduced":"0"},{"last_affected":"fdf57f811f9683a4ec49a74dc7226517e32e6c9d"},{"introduced":"0"},{"last_affected":"2426d65af860bda7be9f0832a99601cc43c6cf63"},{"introduced":"0"},{"last_affected":"50b4c905a4425430ae54db4906f88982309e128d"},{"introduced":"0"},{"last_affected":"50b4c905a4425430ae54db4906f88982309e128d"},{"introduced":"0"},{"last_affected":"469a4a5091a677df62be319675056b869c31b35c"},{"introduced":"0"},{"last_affected":"67a1f0c52e0708e2596f3f2134b8386d6112561e"},{"introduced":"0"},{"last_affected":"6b5e6a5a3ec8d994c9aab3b800b9edbf1b287904"},{"introduced":"0"},{"last_affected":"d7234c8d50a1af73f60d2d3c0cc7eed17429a481"},{"introduced":"0"},{"last_affected":"e2da042844a830fafb8031f6c477eb4f96195210"},{"introduced":"0"},{"last_affected":"cbff8f091c22fb1df6b238c7a1b9145db950fa65"},{"introduced":"0"},{"last_affected":"0462bc23564e7e950a70ae4577a840b04db6c7c6"},{"introduced":"0"},{"last_affected":"b7fd6bc899ccb629d790c47aee06aba87e535c41"},{"introduced":"0"},{"last_affected":"b0e5f195dfce3e2b99f5091373d49f6616682596"},{"introduced":"0"},{"last_affected":"cc56c62ed879ad4f93b1fdab3235c43e60f48b7e"},{"introduced":"0"},{"last_affected":"cb7911f78ae96ef7a540df992cc1359ba9636e86"},{"introduced":"0"},{"last_affected":"b148cbe09d4657766fdb61575ba985734c2ff0a8"},{"introduced":"0"},{"last_affected":"ce82d6b8474bde7ac7df6d425fb88fb1bcba35bc"},{"introduced":"0"},{"last_affected":"bc0ff830aff1e016163d855e86ded5c98b0899e8"},{"introduced":"0"},{"last_affected":"7fabdc23d843cb705d2d0739e7bbdaaf50aa3292"},{"introduced":"0"},{"last_affected":"0fe0d121551593c23a565db8397f85f17bb0f00e"},{"introduced":"0"},{"last_affected":"8d045a30e95602b443eb259a5021d33feb4df079"},{"introduced":"0"},{"last_affected":"52795f8fcc2de77cf997e671ea58614e5e425dfe"},{"introduced":"0"},{"last_affected":"a363f61ca839e817eb6853c5dc5af8c3b9b9226b"},{"introduced":"0"},{"last_affected":"09b482886bdd3d863c3d4e7d71264eac0daaf9e1"},{"introduced":"0"},{"last_affected":"7d6b5b1d5ba726331f9ccaaae59af7cd53eee82e"},{"introduced":"0"},{"last_affected":"0b5731a63cc40c4fe9275c79158fe0a5dd4d1609"},{"introduced":"0"},{"last_affected":"615a35ccd2cb5cba80901862aefe51a940995f44"},{"introduced":"0"},{"last_affected":"0439a28d519fb6efe228074b0588a59452fc1677"},{"introduced":"0"},{"last_affected":"2f947e966588d46f85a49e387b8b107e575dff1d"},{"introduced":"0"},{"last_affected":"0e0aa28871732c57a2e11bd6e4371f8f98331e41"},{"introduced":"0"},{"last_affected":"3123e9a6df4fc500727934f5941cfa1c9e8ba820"},{"introduced":"0"},{"last_affected":"d6859151a49e6558316dff5620d3ebc4788bc148"},{"introduced":"0"},{"last_affected":"1b2bc79f96191f4a4cb268bf0048b43b2d56a284"},{"introduced":"0"},{"last_affected":"5f6827d244c15f9e13f13f14fadf16f988a2434b"},{"introduced":"0"},{"last_affected":"2f45ad8060e13d5ac912335096d21526f2f9602b"},{"introduced":"0"},{"last_affected":"ce3e3c5fe15479475c068482c48eb9cbf1ac9df5"},{"introduced":"0"},{"last_affected":"7f8213006780ac1953de5f57ce304f890e1eeb02"},{"introduced":"0"},{"last_affected":"a4705f62def103757112b58bfe9a4ab9e2767284"},{"introduced":"0"},{"last_affected":"c7b0d06183038c7ef8cac18a5dcac8b50c959c37"},{"introduced":"0"},{"last_affected":"091abb31e24b2de2e88a1576fd9f21a8d69f4d60"},{"introduced":"0"},{"last_affected":"9fc01b142b945f0662ea434dab48a0d23bddb69a"},{"introduced":"0"},{"last_affected":"f135a4c3d1503fa8e63cb93723275ef7b362c9db"},{"introduced":"0"},{"last_affected":"b7eba5ef1db90bea356c6ae0cc3fc45f2753cb80"},{"introduced":"0"},{"last_affected":"4c5315cc216ed0ca964c65bfe4245b847f136be8"},{"introduced":"0"},{"last_affected":"0a3ad92292505bebe6d3139c90d8ba79a7a00141"},{"introduced":"0"},{"last_affected":"2b18916ff054309a07408719b62e2b6a4f1e056a"},{"introduced":"0"},{"last_affected":"0034086b49f22cfde765a7e9f55db25f8eb310b6"},{"introduced":"0"},{"last_affected":"523d445705027438b83b8d5958c9beeb1c8711d9"},{"introduced":"0"},{"last_affected":"03431c7d7b4b4a3054ca8ae2cfa8009e3e84a2c7"},{"introduced":"0"},{"last_affected":"0a604e92e258c5ee2752d763e50721e35053f135"},{"introduced":"0"},{"last_affected":"61c6abf00898fe00eb7fcf2c23ba0b01cf12034c"},{"introduced":"0"},{"last_affected":"0be9a77bb18ec15b4fb6a1fb0762f313b7351201"},{"introduced":"0"},{"last_affected":"d3492aa7b386946e3a156440cad346e5b0a82838"},{"introduced":"0"},{"last_affected":"0cdc54a2bb1f17297ac4c418fdbe6df00e049b00"},{"introduced":"0"},{"last_affected":"ffc1395af0d5495be442eaefd9ce4dd6561c6dba"},{"introduced":"0"},{"last_affected":"8d7aa925de0bcbac24fec620364e47d15a116550"},{"introduced":"0"},{"last_affected":"e8c6a58941c8e17d7ce2e69eec347c57a2d094b6"},{"introduced":"0"},{"last_affected":"3f8ff60f058be9e04fad0d0995eb934998300d5f"},{"introduced":"0"},{"last_affected":"5f4849ac2af13ef3288bcf64c8d9f1fe8f5dba87"},{"introduced":"0"},{"last_affected":"a7376c9b8ec57c5d4cb1a632f075a3c58e8462c1"},{"introduced":"0"},{"last_affected":"2bd9dabf798fb7e00f6bbdfa0f68e6da211d22cb"},{"introduced":"0"},{"last_affected":"f9f837885343a2a3f5ba2b8c510eaac395c8c865"},{"introduced":"0"},{"last_affected":"b4ec2c2ab8fa53fb6e8192eed0965732d56a9160"},{"introduced":"0"},{"last_affected":"ab55b45b2e447237df3f5fee429ae3f06693ad0e"},{"introduced":"0"},{"last_affected":"85df6ada477715020dbd22e2fb5e687d84d663ff"},{"introduced":"0"},{"last_affected":"6dc12b1042d5d4727f77e8a1c5758dab91400069"},{"introduced":"0"},{"last_affected":"b7eff480d8fbeb0576bb98ca771fb1ad6f48e864"},{"introduced":"0"},{"last_affected":"bcf6ac1960a8b5b3be5f24c10ec4c5e2ba0a60fa"},{"introduced":"0"},{"last_affected":"aa1e9a42f7188986d1aaa5c081d80230fd8ee54a"},{"introduced":"0"},{"last_affected":"13151aae1a5e6e22052efd1816cc35bc1aae377c"},{"introduced":"0"},{"last_affected":"e6ca04cfd5f09ee5b536878bcb96f55d57fae68a"},{"introduced":"0"},{"last_affected":"6b0352d79a67e4b7036177442156400f26253eef"},{"introduced":"0"},{"last_affected":"58db386a1be17499a444df6a78743c9dfb3cfbe3"},{"introduced":"0"},{"last_affected":"ef37a465c536ec3e7d9d4d86f98003a156abf3bb"},{"introduced":"0"},{"last_affected":"c23f6087966be0b8944b71bc238d383080f87573"},{"introduced":"0"},{"last_affected":"83ca8fa313d81353d99690dc2620bdbf8e3d5e88"},{"introduced":"0"},{"last_affected":"5368455fdafc097880a8b7269187255a0bcd9801"},{"introduced":"0"},{"last_affected":"9ef4b1b140ce25e8178f7dfe2e637b8bd5483963"},{"introduced":"0"},{"last_affected":"d7f2bc9a71d0c2af5a362f8d6ea995c56dbfbd7a"},{"introduced":"0"},{"last_affected":"9cf628eae3a9b6969eca0d82c6bb0bcb18552867"},{"introduced":"0"},{"last_affected":"6330f482c8d899ef54cd923157ffb8125098f79b"},{"introduced":"0"},{"last_affected":"a4d9beb28a9b2884ba5c2e1bccd461ac4c179901"},{"introduced":"0"},{"last_affected":"0974fc6a25c343744235331eb20d31f6412ff7e1"},{"introduced":"0"},{"last_affected":"50577fa38d82d1b9c8414df56c14ed7228378bd0"},{"fixed":"743f0c916469f3129dfae406fa104dc46782e20b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.10.0"},{"introduced":"0"},{"last_affected":"0.10.1"},{"introduced":"0"},{"last_affected":"0.10.2"},{"introduced":"0"},{"last_affected":"0.10.3"},{"introduced":"0"},{"last_affected":"0.10.4"},{"introduced":"0"},{"last_affected":"0.10.5"},{"introduced":"0"},{"last_affected":"0.10.6"},{"introduced":"0"},{"last_affected":"0.10.7"},{"introduced":"0"},{"last_affected":"0.10.8"},{"introduced":"0"},{"last_affected":"0.10.9"},{"introduced":"0"},{"last_affected":"0.10.10"},{"introduced":"0"},{"last_affected":"0.10.11"},{"introduced":"0"},{"last_affected":"0.10.12"},{"introduced":"0"},{"last_affected":"0.10.13"},{"introduced":"0"},{"last_affected":"0.10.14"},{"introduced":"0"},{"last_affected":"0.10.15"},{"introduced":"0"},{"last_affected":"0.10.16"},{"introduced":"0"},{"last_affected":"0.10.16-isaacs-manual"},{"introduced":"0"},{"last_affected":"0.10.17"},{"introduced":"0"},{"last_affected":"0.10.18"},{"introduced":"0"},{"last_affected":"0.10.19"},{"introduced":"0"},{"last_affected":"0.10.20"},{"introduced":"0"},{"last_affected":"0.10.21"},{"introduced":"0"},{"last_affected":"0.10.22"},{"introduced":"0"},{"last_affected":"0.10.23"},{"introduced":"0"},{"last_affected":"0.10.24"},{"introduced":"0"},{"last_affected":"0.10.25"},{"introduced":"0"},{"last_affected":"0.10.26"},{"introduced":"0"},{"last_affected":"0.10.27"},{"introduced":"0"},{"last_affected":"0.10.28"},{"introduced":"0"},{"last_affected":"0.10.29"},{"introduced":"0"},{"last_affected":"0.10.30"},{"introduced":"0"},{"last_affected":"0.10.31"},{"introduced":"0"},{"last_affected":"0.10.32"},{"introduced":"0"},{"last_affected":"0.10.33"},{"introduced":"0"},{"last_affected":"0.10.34"},{"introduced":"0"},{"last_affected":"0.10.35"},{"introduced":"0"},{"last_affected":"0.10.36"},{"introduced":"0"},{"last_affected":"0.10.37"},{"introduced":"0"},{"last_affected":"0.10.38"},{"introduced":"0"},{"last_affected":"0.10.39"},{"introduced":"0"},{"last_affected":"0.10.40"},{"introduced":"0"},{"last_affected":"0.10.41"},{"introduced":"0"},{"last_affected":"0.10.42"},{"introduced":"0"},{"last_affected":"0.10.43"},{"introduced":"0"},{"last_affected":"0.10.44"},{"introduced":"0"},{"last_affected":"0.10.45"},{"introduced":"0"},{"last_affected":"0.10.46"},{"introduced":"0"},{"last_affected":"12.0"},{"introduced":"0"},{"last_affected":"6.0.0"},{"introduced":"0"},{"last_affected":"6.1.0"},{"introduced":"0"},{"last_affected":"6.2.0"},{"introduced":"0"},{"last_affected":"6.2.1"},{"introduced":"0"},{"last_affected":"6.2.2"},{"introduced":"0"},{"last_affected":"6.3.0"},{"introduced":"0"},{"last_affected":"6.3.1"},{"introduced":"0"},{"last_affected":"6.4.0"},{"introduced":"0"},{"last_affected":"6.5.0"},{"introduced":"0"},{"last_affected":"6.6.0"},{"introduced":"0"},{"last_affected":"0.12.0"},{"introduced":"0"},{"last_affected":"0.12.1"},{"introduced":"0"},{"last_affected":"0.12.2"},{"introduced":"0"},{"last_affected":"0.12.3"},{"introduced":"0"},{"last_affected":"0.12.4"},{"introduced":"0"},{"last_affected":"0.12.5"},{"introduced":"0"},{"last_affected":"0.12.6"},{"introduced":"0"},{"last_affected":"0.12.7"},{"introduced":"0"},{"last_affected":"0.12.8"},{"introduced":"0"},{"last_affected":"0.12.9"},{"introduced":"0"},{"last_affected":"0.12.10"},{"introduced":"0"},{"last_affected":"0.12.11"},{"introduced":"0"},{"last_affected":"0.12.12"},{"introduced":"0"},{"last_affected":"0.12.13"},{"introduced":"0"},{"last_affected":"0.12.14"},{"introduced":"0"},{"last_affected":"0.12.15"},{"introduced":"0"},{"last_affected":"4.0.0"},{"introduced":"0"},{"last_affected":"4.1.0"},{"introduced":"0"},{"last_affected":"4.1.1"},{"introduced":"0"},{"last_affected":"4.1.2"},{"introduced":"0"},{"last_affected":"4.2.0"},{"introduced":"0"},{"last_affected":"4.2.1"},{"introduced":"0"},{"last_affected":"4.2.2"},{"introduced":"0"},{"last_affected":"4.2.3"},{"introduced":"0"},{"last_affected":"4.2.4"},{"introduced":"0"},{"last_affected":"4.2.5"},{"introduced":"0"},{"last_affected":"4.2.6"},{"introduced":"0"},{"last_affected":"4.3.0"},{"introduced":"0"},{"last_affected":"4.3.1"},{"introduced":"0"},{"last_affected":"4.3.2"},{"introduced":"0"},{"last_affected":"4.4.0"},{"introduced":"0"},{"last_affected":"4.4.1"},{"introduced":"0"},{"last_affected":"4.4.2"},{"introduced":"0"},{"last_affected":"4.4.3"},{"introduced":"0"},{"last_affected":"4.4.4"},{"introduced":"0"},{"last_affected":"4.4.5"},{"introduced":"0"},{"last_affected":"4.4.6"},{"introduced":"0"},{"last_affected":"4.4.7"},{"introduced":"0"},{"last_affected":"4.5.0"}]}}],"versions":["v0.0.1","v0.0.2","v0.0.3","v0.0.4","v0.0.6","v0.1.0","v0.1.1","v0.1.10","v0.1.100","v0.1.101","v0.1.102","v0.1.103","v0.1.104","v0.1.11","v0.1.12","v0.1.13","v0.1.14","v0.1.15","v0.1.16","v0.1.17","v0.1.18","v0.1.19","v0.1.2","v0.1.20","v0.1.21","v0.1.22","v0.1.23","v0.1.24","v0.1.25","v0.1.26","v0.1.27","v0.1.28","v0.1.29","v0.1.3","v0.1.30","v0.1.31","v0.1.32","v0.1.33","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.1.92","v0.1.93","v0.1.94","v0.1.95","v0.1.96","v0.1.97","v0.1.98","v0.1.99","v0.10.0","v0.10.1","v0.10.10","v0.10.11","v0.10.12","v0.10.13","v0.10.14","v0.10.15","v0.10.16","v0.10.17","v0.10.18","v0.10.19","v0.10.2","v0.10.20","v0.10.21","v0.10.22","v0.10.23","v0.10.24","v0.10.25","v0.10.26","v0.10.27","v0.10.28","v0.10.29","v0.10.3","v0.10.30","v0.10.31","v0.10.32","v0.10.33","v0.10.34","v0.10.35","v0.10.36","v0.10.37","v0.10.38","v0.10.39","v0.10.4","v0.10.40","v0.10.41","v0.10.42","v0.10.43","v0.10.44","v0.10.45","v0.10.46","v0.10.5","v0.10.6","v0.10.7","v0.10.8","v0.10.9","v0.12.0","v0.12.1","v0.12.10","v0.12.11","v0.12.12","v0.12.13","v0.12.14","v0.12.15","v0.12.2","v0.12.3","v0.12.4","v0.12.5","v0.12.6","v0.12.7","v0.12.8","v0.12.9","v0.2.0","v0.3.0","v0.3.1","v0.3.2","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.4.0","v0.5.0","v0.5.1","v0.5.10","v0.5.2","v0.5.3","v0.5.4","v0.5.5","v0.5.5-rc1","v0.5.6","v0.5.7","v0.5.8","v0.5.9","v0.6.0","v0.6.1","v0.7.0","v0.7.2","v0.7.3","v1.0.1","v1.0.1-release","v1.0.2","v1.0.2-release","v1.0.3","v1.0.4","v1.1.0","v1.2.0","v1.3.0","v1.4.1","v1.4.2","v1.4.3","v1.5.0","v1.5.1","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.7.0","v1.7.1","v12.0.0","v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.2.0","v2.2.1","v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.4.0","v2.5.0","v3.0.0","v4.0.0","v4.1.0","v4.1.1","v4.1.2","v4.2.0","v4.2.1","v4.2.2","v4.2.3","v4.2.4","v4.2.5","v4.2.6","v4.3.0","v4.3.1","v4.3.2","v4.4.0","v4.4.1","v4.4.2","v4.4.3","v4.4.4","v4.4.5","v4.4.6","v4.4.7","v4.5.0","v6.0.0","v6.1.0","v6.2.0","v6.2.1","v6.2.2","v6.3.0","v6.3.1","v6.4.0","v6.5.0","v6.6.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-7099.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}