CVE-2020-8174
24.07.2020, 22:15
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
| Vendor | Product | Version |
|---|---|---|
| nodejs | node.js | 𝑥 < 10.21.0 |
| nodejs | node.js | 12.0.0 ≤ 𝑥 < 12.18.0 |
| nodejs | node.js | 14.0.0 ≤ 𝑥 < 14.4.0 |
| oracle | banking_extensibility_workbench | 14.3.0 |
| oracle | banking_extensibility_workbench | 14.4.0 |
| oracle | blockchain_platform | 𝑥 < 21.1.2 |
| oracle | mysql_cluster | 𝑥 ≤ 7.3.30 |
| oracle | mysql_cluster | 7.4.0 ≤ 𝑥 ≤ 7.4.29 |
| oracle | mysql_cluster | 7.5.0 ≤ 𝑥 ≤ 7.5.19 |
| oracle | mysql_cluster | 7.6.0 ≤ 𝑥 ≤ 7.6.15 |
| oracle | mysql_cluster | 8.0.0 ≤ 𝑥 ≤ 8.0.21 |
| oracle | retail_xstore_point_of_service | 16.0.6 |
| oracle | retail_xstore_point_of_service | 17.0.4 |
| oracle | retail_xstore_point_of_service | 18.0.3 |
| oracle | retail_xstore_point_of_service | 19.0.2 |
| oracle | retail_xstore_point_of_service | 20.0.1 |
| netapp | active_iq_unified_manager | - |
| netapp | active_iq_unified_manager | - |
| netapp | oncommand_insight | - |
| netapp | oncommand_workflow_automation | - |
| netapp | snapcenter | - |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-191 - Integer Underflow (Wrap or Wraparound)The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
References