// For flags

CVE-2020-8265

nodejs: use-after-free in the TLS implementation

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.

Node.js versiones anteriores a 10.23.1, 12.20.1, 14.15.4, 15.5.1, son vulnerables a un bug de uso de la memoria previamente liberada en su implementación TLS. Al escribir en un socket habilitado para TLS, node::StreamBase::Write llama node::TLSWrap::DoWrite con un objeto WriteWrap recién asignado como primer argumento. Si el método DoWrite no devuelve un error, este objeto es devuelto a la persona que llama como parte de una estructura de StreamWriteResult. Esto puede ser explotado para corromper la memoria conllevando a una Denegación de Servicio o potencialmente otras explotaciones

A flaw was found in nodejs. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-28 CVE Reserved
  • 2021-01-06 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2024-11-10 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-416: Use After Free
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 10.0.0 < 10.23.1
Search vendor "Nodejs" for product "Node.js" and version " >= 10.0.0 < 10.23.1"
lts
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 12.0.0 < 12.20.1
Search vendor "Nodejs" for product "Node.js" and version " >= 12.0.0 < 12.20.1"
lts
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 14.0.0 < 14.15.4
Search vendor "Nodejs" for product "Node.js" and version " >= 14.0.0 < 14.15.4"
lts
Affected
Nodejs
Search vendor "Nodejs"
Node.js
Search vendor "Nodejs" for product "Node.js"
>= 15.0.0 < 15.5.1
Search vendor "Nodejs" for product "Node.js" and version " >= 15.0.0 < 15.5.1"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
32
Search vendor "Fedoraproject" for product "Fedora" and version "32"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
33
Search vendor "Fedoraproject" for product "Fedora" and version "33"
-
Affected
Oracle
Search vendor "Oracle"
Graalvm
Search vendor "Oracle" for product "Graalvm"
19.3.4
Search vendor "Oracle" for product "Graalvm" and version "19.3.4"
enterprise
Affected
Oracle
Search vendor "Oracle"
Graalvm
Search vendor "Oracle" for product "Graalvm"
20.3.0
Search vendor "Oracle" for product "Graalvm" and version "20.3.0"
enterprise
Affected
Siemens
Search vendor "Siemens"
Sinec Infrastructure Network Services
Search vendor "Siemens" for product "Sinec Infrastructure Network Services"
< 1.0.1.1
Search vendor "Siemens" for product "Sinec Infrastructure Network Services" and version " < 1.0.1.1"
-
Affected