Published: 19/11/2020 Updated: 11/01/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

A Node.js application that allows an malicious user to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nodejs node.js
fedoraproject fedora 33

Synopsis Moderate: nodejs:12 security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring S ...

Synopsis Moderate: rh-nodejs12-nodejs security update Type/Severity Security Advisory: Moderate Topic An update for rh-nodejs12-nodejs is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring Syst ...

Arch Linux Security Advisory ASA-202011-18 ========================================== Severity: Medium Date : 2020-11-19 CVE-ID : CVE-2020-8277 Package : c-ares Type : denial of service Remote : Yes Link : securityarchlinuxorg/AVG-1280 Summary ======= The package c-ares before version 1171-1 is vulnerable to denial of serv ...

IBM Cloud Transformation Advisor has addressed Nodejs vulnerability CVE-2020-8277 ...

A application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service by getting the application to resolve a DNS record with a larger number of responses ...

IBM Event Streams is affected by the following vulnerabilities in the included Nodejs runtime that is used for the UI and Schema Registry ...

CVE-2020-8277 For educational purposes only Quick Run # clone this repository $ git clone githubcom/masahiro331/CVE-2020-8277 # run bind $ docker build -t bind-local /bind # Need TCP fallback $ docker run --rm --name bind -it -p 53:53 -p 53:53/udp bind # use "< v1521" version # If you use fixed version, build node $ git clone githubcom

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android

CWE-400 https://hackerone.com/reports/1033107 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEJBY3RJB3XWUOJFGZM5E3EMQ7MFM3UT/https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/https://security.gentoo.org/glsa/202012-11 https://security.gentoo.org/glsa/202101-07 https://github.com/masahiro331/CVE-2020-8277 https://nvd.nist.gov https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/https://exchange.xforce.ibmcloud.com/vulnerabilities/191755

CVE-2020-8277

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References