Published: 18/09/2020 Updated: 07/11/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nodejs node.js
opensuse leap 15.2
fedoraproject fedora 33

Synopsis Moderate: rh-nodejs12-nodejs security update Type/Severity Security Advisory: Moderate Topic An update for rh-nodejs12-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Synopsis Moderate: nodejs:12 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring S ...

Synopsis Moderate: nodejs:12 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Comm ...

Synopsis Moderate: rh-nodejs10-nodejs security update Type/Severity Security Advisory: Moderate Topic An update for rh-nodejs10-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Synopsis Moderate: nodejs:10 security update Type/Severity Security Advisory: Moderate Topic An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ...

Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer CVE-2020-8252, CVE-2020-8265, CVE-2021-22883, CVE-2021-22884 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

Critical Infrastructure Sectors: Energy

CWE-120 https://hackerone.com/reports/965914 https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/https://security.gentoo.org/glsa/202009-15 https://usn.ubuntu.com/4548-1/http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html https://security.netapp.com/advisory/ntap-20201009-0004/http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:5086 https://www.cisa.gov/uscert/ics/advisories/icsa-22-242-01 https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-110/index.html

CVE-2020-8252

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

References

Vulmon Search

About

Products

Connect