CVE-2020-8265

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
nodejsnode.js
10.0.0 ≤
𝑥
< 10.23.1
nodejsnode.js
12.0.0 ≤
𝑥
< 12.20.1
nodejsnode.js
14.0.0 ≤
𝑥
< 14.15.4
nodejsnode.js
15.0.0 ≤
𝑥
< 15.5.1
debiandebian_linux
10.0
oraclegraalvm
19.3.4
oraclegraalvm
20.3.0
siemenssinec_infrastructure_network_services
𝑥
< 1.0.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nodejs
bookworm
18.19.0+dfsg-6~deb12u2
fixed
bookworm (security)
18.19.0+dfsg-6~deb12u1
fixed
bullseye
12.22.12~dfsg-1~deb11u4
fixed
bullseye (security)
12.22.12~dfsg-1~deb11u5
fixed
sid
20.17.0+dfsg-2
fixed
stretch
ignored
trixie
20.17.0+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nodejs
bionic
Fixed 8.10.0~dfsg-2ubuntu0.4+esm2
released
focal
Fixed 10.19.0~dfsg-3ubuntu1.1
released
groovy
ignored
hirsute
ignored
impish
ignored
jammy
not-affected
kinetic
ignored
lunar
not-affected
mantic
not-affected
trusty
not-affected
xenial
Fixed 4.2.6~dfsg-1ubuntu4.2+esm2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
nodejs10
suse enterprise sap 15 SP1
10.23.1-1.30.1
fixed
suse enterprise sap 15 SP2
10.23.1-1.30.1
fixed
suse enterprise server 15
10.23.1-1.30.1
fixed
suse enterprise server 15 SP1
10.23.1-1.30.1
fixed
suse enterprise server 15 SP2
10.23.1-1.30.1
fixed
nodejs10-devel
suse enterprise sap 15 SP1
10.23.1-1.30.1
fixed
suse enterprise sap 15 SP2
10.23.1-1.30.1
fixed
suse enterprise server 15
10.23.1-1.30.1
fixed
suse enterprise server 15 SP1
10.23.1-1.30.1
fixed
suse enterprise server 15 SP2
10.23.1-1.30.1
fixed
nodejs10-docs
suse enterprise sap 15 SP1
10.23.1-1.30.1
fixed
suse enterprise sap 15 SP2
10.23.1-1.30.1
fixed
suse enterprise server 15
10.23.1-1.30.1
fixed
suse enterprise server 15 SP1
10.23.1-1.30.1
fixed
suse enterprise server 15 SP2
10.23.1-1.30.1
fixed
nodejs12
suse enterprise sap 15 SP2
12.20.1-4.10.1
fixed
suse enterprise sap 15 SP3
12.20.1-4.10.1
fixed
suse enterprise server 15 SP2
12.20.1-4.10.1
fixed
suse enterprise server 15 SP3
12.20.1-4.10.1
fixed
nodejs12-devel
suse enterprise sap 15 SP2
12.20.1-4.10.1
fixed
suse enterprise sap 15 SP3
12.20.1-4.10.1
fixed
suse enterprise server 15 SP2
12.20.1-4.10.1
fixed
suse enterprise server 15 SP3
12.20.1-4.10.1
fixed
nodejs12-docs
suse enterprise sap 15 SP2
12.20.1-4.10.1
fixed
suse enterprise sap 15 SP3
12.20.1-4.10.1
fixed
suse enterprise server 15 SP2
12.20.1-4.10.1
fixed
suse enterprise server 15 SP3
12.20.1-4.10.1
fixed
nodejs14
suse enterprise sap 15 SP2
14.15.4-5.6.1
fixed
suse enterprise sap 15 SP3
14.15.4-5.6.1
fixed
suse enterprise server 15 SP2
14.15.4-5.6.1
fixed
suse enterprise server 15 SP3
14.15.4-5.6.1
fixed
nodejs14-devel
suse enterprise sap 15 SP2
14.15.4-5.6.1
fixed
suse enterprise sap 15 SP3
14.15.4-5.6.1
fixed
suse enterprise server 15 SP2
14.15.4-5.6.1
fixed
suse enterprise server 15 SP3
14.15.4-5.6.1
fixed
nodejs14-docs
suse enterprise sap 15 SP2
14.15.4-5.6.1
fixed
suse enterprise sap 15 SP3
14.15.4-5.6.1
fixed
suse enterprise server 15 SP2
14.15.4-5.6.1
fixed
suse enterprise server 15 SP3
14.15.4-5.6.1
fixed
npm10
suse enterprise sap 15 SP1
10.23.1-1.30.1
fixed
suse enterprise sap 15 SP2
10.23.1-1.30.1
fixed
suse enterprise server 15
10.23.1-1.30.1
fixed
suse enterprise server 15 SP1
10.23.1-1.30.1
fixed
suse enterprise server 15 SP2
10.23.1-1.30.1
fixed
npm12
suse enterprise sap 15 SP2
12.20.1-4.10.1
fixed
suse enterprise sap 15 SP3
12.20.1-4.10.1
fixed
suse enterprise server 15 SP2
12.20.1-4.10.1
fixed
suse enterprise server 15 SP3
12.20.1-4.10.1
fixed
npm14
suse enterprise sap 15 SP2
14.15.4-5.6.1
fixed
suse enterprise sap 15 SP3
14.15.4-5.6.1
fixed
suse enterprise server 15 SP2
14.15.4-5.6.1
fixed
suse enterprise server 15 SP3
14.15.4-5.6.1
fixed
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://hackerone.com/reports/988103
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/
https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
https://security.gentoo.org/glsa/202101-07
https://security.netapp.com/advisory/ntap-20210212-0003/
https://www.debian.org/security/2021/dsa-4826
https://www.oracle.com/security-alerts/cpujan2021.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://hackerone.com/reports/988103
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/
https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
https://security.gentoo.org/glsa/202101-07
https://security.netapp.com/advisory/ntap-20210212-0003/
https://www.debian.org/security/2021/dsa-4826
https://www.oracle.com/security-alerts/cpujan2021.html