CVE-2020-8265

Published: 06/01/2021 | Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector (CVSS v2): AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 are vulnerable to a use-after-free bug in the TLS implementation. When writing to a TLS-enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as its first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory, leading to a Denial of Service or potentially other exploits.

Vulnerable Product

nodejs node.js

debian debian linux 10.0

fedoraproject fedora 32

fedoraproject fedora 33

oracle graalvm 19.3.4

oracle graalvm 20.3.0

siemens sinec infrastructure network services

Vendor Advisories

Debian Bug report logs - #979364 nodejs: CVE-2020-8265 CVE-2020-8287. Package: src:nodejs; Maintainer for src:nodejs is Debian Javascript Maintainers <pkg-javascript-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 5 Jan 2021 20:15:02 UTC; Severity: grave; Tags: security, ...
Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code or HTTP request smuggling. For the stable distribution (buster), these problems have been fixed in version 10.23.1~dfsg-1~deb10u1. We recommend that you upgrade your nodejs packages. For the detailed security statu ...
Synopsis: Moderate: rh-nodejs10-nodejs security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-nodejs10-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst ...
Synopsis: Moderate: nodejs:10 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ...
Synopsis: Moderate: nodejs:12 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) ...
Synopsis: Moderate: rh-nodejs12-nodejs security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst ...
Synopsis: Moderate: nodejs:14 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring S ...
Synopsis: Moderate: rh-nodejs14-nodejs security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syst ...
The Node.js release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the ...
Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer: CVE-2020-8252, CVE-2020-8265, CVE-2021-22883, CVE-2021-22884. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...

ICS Advisories

Hitachi Energy e-mesh EMS
Critical Infrastructure Sectors: Energy
Hitachi Energy MicroSCADA Pro/X SYS600
Critical Infrastructure Sectors: Energy
Siemens SINEC INS
Critical Infrastructure Sectors: Energy