CVE-2020-8265
nodejs: use-after-free in the TLS implementation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
Node.js versiones anteriores a 10.23.1, 12.20.1, 14.15.4, 15.5.1, son vulnerables a un bug de uso de la memoria previamente liberada en su implementación TLS. Al escribir en un socket habilitado para TLS, node::StreamBase::Write llama node::TLSWrap::DoWrite con un objeto WriteWrap recién asignado como primer argumento. Si el método DoWrite no devuelve un error, este objeto es devuelto a la persona que llama como parte de una estructura de StreamWriteResult. Esto puede ser explotado para corromper la memoria conllevando a una Denegación de Servicio o potencialmente otras explotaciones
A flaw was found in nodejs. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-28 CVE Reserved
- 2021-01-06 CVE Published
- 2024-06-28 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20210212-0003 | Third Party Advisory | |
https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://hackerone.com/reports/988103 | 2024-08-04 |
URL | Date | SRC |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf | 2023-11-07 | |
https://nodejs.org/en/blog/vulnerability/january-2021-security-releases | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 10.0.0 < 10.23.1 Search vendor "Nodejs" for product "Node.js" and version " >= 10.0.0 < 10.23.1" | lts |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 12.0.0 < 12.20.1 Search vendor "Nodejs" for product "Node.js" and version " >= 12.0.0 < 12.20.1" | lts |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 14.0.0 < 14.15.4 Search vendor "Nodejs" for product "Node.js" and version " >= 14.0.0 < 14.15.4" | lts |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 15.0.0 < 15.5.1 Search vendor "Nodejs" for product "Node.js" and version " >= 15.0.0 < 15.5.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Graalvm Search vendor "Oracle" for product "Graalvm" | 19.3.4 Search vendor "Oracle" for product "Graalvm" and version "19.3.4" | enterprise |
Affected
| ||||||
Oracle Search vendor "Oracle" | Graalvm Search vendor "Oracle" for product "Graalvm" | 20.3.0 Search vendor "Oracle" for product "Graalvm" and version "20.3.0" | enterprise |
Affected
| ||||||
Siemens Search vendor "Siemens" | Sinec Infrastructure Network Services Search vendor "Siemens" for product "Sinec Infrastructure Network Services" | < 1.0.1.1 Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1" | - |
Affected
|