The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. The issue is fixed in nodejs versions 15.5.1, 14.15.4, 12.20.1 and 10.23.1.
The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. The issue is fixed in nodejs versions 15.5.1, 14.15.4, 12.20.1 and 10.23.1.
https://groups.google.com/g/nodejs-sec/c/kyzmwvQdUfs/m/7mjPCzY2BAAJ https://github.com/nodejs-private/node-private/issues/227 https://hackerone.com/bugs?subject=nodejs&report_id=988103 https://github.com/nodejs/node/commit/9834ef85a0a549a45a98f04dc51af1782a7126ee https://github.com/nodejs/node/commit/4f8772f9b731118628256189b73cd202149bbd97 https://github.com/nodejs/node/commit/5b00de7d67a1372aa342115ad28edd3f78268bb6 https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed https://github.com/nodejs/node/commit/357e2857c8385c303782ced2ac8b568df06d4326