CVE-2020-1971 – EDIPARTYNAME NULL pointer dereference
https://notcve.org/view.php?id=CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. • https://github.com/MBHudson/CVE-2020-1971 http://www.openwall.com/lists/oss-security/2021/09/14/2 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2154ab83e14ede338d2ede9bbe5cdfce5d5a6c9e https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=f960d81215ebf3f65e03d4d5d857fb9b666d6920 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44676 https://lists.apache.org/thread.html/r63c6f2dd363d9b514d0a4bcf624580616a679898cc14c109a49b7 • CWE-476: NULL Pointer Dereference •
CVE-2020-8277 – c-ares: ares_parse_{a,aaaa}_reply() insufficient naddrttls validation DoS
https://notcve.org/view.php?id=CVE-2020-8277
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. Una aplicación Node.js que permite a un atacante desencadenar una petición DNS para un host de su elección podría desencadenar una Denegación de servicio en las versiones anteriores a 15.2.1, versiones anteriores a 14.15.1 y versiones anteriores a 12.19.1 al conseguir que la aplicación resuelva un Registro DNS con un mayor número de respuestas. Esto es corregido en versiones 15.2.1, 14.15.1 y 12.19.1 • https://github.com/masahiro331/CVE-2020-8277 https://github.com/AndrewIjano/CVE-2020-8277 https://hackerone.com/reports/1033107 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEJBY3RJB3XWUOJFGZM5E3EMQ7MFM3UT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEIV4CH6KNVZK63Y6EKVN2XDW7IHSJBJ https://lists.fedoraproject.org/archives • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •
CVE-2020-8201 – nodejs: HTTP request smuggling due to CR-to-Hyphen conversion
https://notcve.org/view.php?id=CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names. Node.js versiones anteriores a 12.18.4 y versiones anteriores a 14.11, pueden ser explotado para llevar a cabo ataques de desincronización HTTP y entregar cargas útiles maliciosas a usuarios desprevenidos. Las cargas útiles pueden ser diseñadas por un atacante para secuestrar sesiones de usuario, envenenar cookies, llevar a cabo secuestro del click y una multitud de otros ataques dependiendo de la arquitectura del sistema subyacente. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html https://hackerone.com/reports/922597 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6 https://nodejs.org/en/blog/vulnerability/september-2020-security-releases https://security.gentoo.org/glsa/202101-07 https://security.netapp.com/advisory/ntap-20201009-0004 https://access.redhat.com/security/cve/CVE-2020-8201 https://bugzilla.redhat.com/show_bug.cgi?id=18 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2020-8252 – libuv: buffer overflow in realpath
https://notcve.org/view.php?id=CVE-2020-8252
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. La implementación de realpath en libuv versiones anteriores a versiones anteriores a 10.22.1, versiones anteriores a 12.18.4 y versiones anteriores a 14.9.0, usada dentro de Node.js determinó incorrectamente el tamaño del búfer, lo que puede resultar en un desbordamiento del búfer si la ruta resuelta tiene más de 256 bytes A flaw has been found in libuv. The realpath() implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html https://hackerone.com/reports/965914 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6 https://nodejs.org/en/blog/vulnerability/september-2020-security-releases https://security.gentoo.org/glsa/202009-15 https://security.netapp.com/advisory/ntap-20201009-0004 https://usn.ubuntu.com/4548- • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow •
CVE-2020-8174 – nodejs: memory corruption in napi_get_value_string_* functions
https://notcve.org/view.php?id=CVE-2020-8174
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. La función napi_get_value_string_*(), permite varios tipos de corrupción de memoria en node versiones anteriores a 10.21.0, 12.18.0 y versiones anteriores a 14.4.0 A flaw was found in nodejs. Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(), or napi_get_value_string_utf16() with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer. • https://hackerone.com/reports/784186 https://security.gentoo.org/glsa/202101-07 https://security.netapp.com/advisory/ntap-20201023-0003 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://access.redhat.com/security/cve/CVE-2020-8174 https://bugzilla.redhat.com/show_bug.cgi?id=1845256 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-191: Integer Underflow (Wrap or Wraparound) •