CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 1CVE-2020-8265 – nodejs: use-after-free in the TLS implementation
https://notcve.org/view.php?id=CVE-2020-8265
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. Node.js versiones anteriores a 10.23.1, 12.20.1, 14.15.4, 15.5.1, son vulnerables a un bug de uso de la memoria previamente liberada en su implementación TLS. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/988103 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4 https://nodejs.org/en/blog/vulnerability/january-2021-security-releases https://security.gentoo.org/glsa/202101-07 https://security.netapp.com/advisory/ntap-20210212-0003 https:&# • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-8287 – nodejs: HTTP request smuggling via two copies of a header field in an http request
https://notcve.org/view.php?id=CVE-2020-8287
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. Node.js versiones anteriores a 10.23.1, 12.20.1, 14.15.4, 15.5.1 permiten dos copias de un campo de encabezado en una petición HTTP (por ejemplo, dos campos de encabezado Transfer-Encoding). En este caso, Node.js identifica el primer campo de encabezado e ignora el segundo. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1002188 https://lists.debian.org/debian-lts-announce/2022/12/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4 https://nodejs.org/en/blog/vulnerability/january-2021-security-releases https://security.gentoo.org/glsa/2021 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.9EPSS: 0%CPEs: 75EXPL: 1CVE-2020-1971 – EDIPARTYNAME NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. • https://github.com/MBHudson/CVE-2020-1971 http://www.openwall.com/lists/oss-security/2021/09/14/2 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676 https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b7 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2018-21270 – nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure
https://notcve.org/view.php?id=CVE-2018-21270
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x). Las versiones inferiores a 0.0.6 del módulo stringstream de Node.js son vulnerables a una lectura fuera de límites debido a la asignación de búferes no inicializados cuando un número es pasado en el flujo de entrada (cuando se usa Node.js versión 4.x) A flaw was found in nodejs-stringstream. Node.js stringstream module is vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream. • https://github.com/mhart/StringStream/issues/7 https://hackerone.com/reports/321670 https://www.npmjs.com/advisories/664 https://access.redhat.com/security/cve/CVE-2018-21270 https://bugzilla.redhat.com/show_bug.cgi?id=1927293 • CWE-125: Out-of-bounds Read CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-8252 – libuv: buffer overflow in realpath
https://notcve.org/view.php?id=CVE-2020-8252
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. La implementación de realpath en libuv versiones anteriores a versiones anteriores a 10.22.1, versiones anteriores a 12.18.4 y versiones anteriores a 14.9.0, usada dentro de Node.js determinó incorrectamente el tamaño del búfer, lo que puede resultar en un desbordamiento del búfer si la ruta resuelta tiene más de 256 bytes A flaw has been found in libuv. The realpath() implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html https://hackerone.com/reports/965914 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6 https://nodejs.org/en/blog/vulnerability/september-2020-security-releases https://security.gentoo.org/glsa/202009-15 https://security.netapp.com/advisory/ntap-20201009-0004 https://usn.ubuntu.com/4548- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •