Lucene search
GoogleOSV:CVE-2020-8265HistoryJan 06, 2021 - 9:15 p.m.
CVE-2020-8265
2021-01-0621:15:14
Google
osv.dev
7
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nodejs | eq | 8.11.1-r2 | |
| nodejs | eq | 10.14.2-r0 | |
| nodejs | eq | 6.10.1-r0 | |
| nodejs | eq | 14.15.3-r1 | |
| nodejs | eq | 8.11.1-r0 | |
| nodejs | eq | 14.15.1-r0 | |
| nodejs | eq | 12.19.0-r0 | |
| nodejs | eq | 6.11.1-r1 | |
| nodejs | eq | 12.17.0-r1 | |
| nodejs | eq | 8.11.0-r0 |
References
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
hackerone.com/reports/988103
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/
nodejs.org/en/blog/vulnerability/january-2021-security-releases/
security.gentoo.org/glsa/202101-07
security.netapp.com/advisory/ntap-20210212-0003/
www.debian.org/security/2021/dsa-4826
www.oracle.com/security-alerts/cpujan2021.html
Related
nessus
nessus
Photon OS 1.0: Nodejs10 PHSA-2021-1.0-0355
2021-01-21 00:00:00
Photon OS 2.0: Nodejs PHSA-2021-2.0-0313
2021-01-26 00:00:00
Photon OS 3.0: Nodejs PHSA-2021-3.0-0186
2021-01-26 00:00:00
cve
cve
CVE-2020-8265
2021-01-06 21:15:14
redhatcve
redhatcve
CVE-2020-8265
2021-01-05 13:14:24
ubuntucve
ubuntucve
CVE-2020-8265
2021-01-06 00:00:00
ibm
ibm
Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway
2021-03-18 21:21:03
Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-8265)
2021-05-05 11:54:04
Security Bulletin: Vulnerabilities in Node.js in IBM DataPower Gateway
2021-08-16 15:05:23
prion
prion
Design/Logic Flaw
2021-01-06 21:15:00
nvd
nvd
CVE-2020-8265
2021-01-06 21:15:14
veracode
veracode
Use After Free
2021-01-07 04:10:07
debiancve
debiancve
CVE-2020-8265
2021-01-06 21:15:14
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0355
2021-01-20 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-2.0-0313
2021-01-25 00:00:00
Important Photon OS Security Update - PHSA-2021-0313
2021-01-25 00:00:00
alpinelinux
alpinelinux
CVE-2020-8265
2021-01-06 21:15:14
hackerone
hackerone
Node.js: Node.js: use-after-free in TLSWrap
2020-09-22 12:49:41
osv
osv
BIT-node-2020-8265
2024-03-06 11:07:41
nodejs - security update
2021-01-06 00:00:00
nodejs vulnerabilities
2023-09-19 07:18:15
cvelist
cvelist
CVE-2020-8265
2021-01-06 21:01:15
debian
debian
[SECURITY] [DSA 4826-1] nodejs security update
2021-01-06 22:02:35
archlinux
archlinux
[ASA-202101-13] nodejs-lts-dubnium: multiple issues
2021-01-12 00:00:00
[ASA-202101-14] nodejs-lts-erbium: multiple issues
2021-01-12 00:00:00
[ASA-202101-15] nodejs-lts-fermium: multiple issues
2021-01-12 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0069)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4826-1)
2021-01-08 00:00:00
Fedora: Security Advisory for nodejs (FEDORA-2021-fb1a136393)
2021-01-11 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: nodejs-14.15.4-1.fc33
2021-01-10 01:28:45
[SECURITY] Fedora 32 Update: nodejs-12.20.1-1.fc32
2021-01-16 01:23:44
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2021-02-05 14:54:53
nodejsblog
nodejsblog
January 2021 Security Releases
2021-01-04 00:00:00
suse
suse
Security update for nodejs10 (moderate)
2021-01-15 00:00:00
Security update for nodejs14 (moderate)
2021-01-15 00:00:00
Security update for nodejs10 (moderate)
2021-01-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package node version 14.15.4-alt1
2021-02-05 00:00:00
Security fix for the ALT Linux 10 package node version 14.15.4-alt1
2021-02-05 00:00:00
freebsd
freebsd
Node.js -- January 2021 Security Releases
2021-01-04 00:00:00
ics
ics
Hitachi Energy e-mesh EMS
2022-03-31 12:00:00
Hitachi Energy Gateway Station (GWS) Product
2022-08-30 12:00:00
Hitachi Energy FACTS Control Platform (FCP) Product
2022-08-30 12:00:00
oraclelinux
oraclelinux
nodejs:12 security update
2021-02-20 00:00:00
nodejs:14 security and bug fix update
2021-02-20 00:00:00
nodejs:10 security update
2021-02-20 00:00:00
almalinux
almalinux
Moderate: nodejs:12 security update
2021-02-16 07:34:29
Moderate: nodejs:14 security and bug fix update
2021-02-16 07:34:42
Moderate: nodejs:10 security update
2021-02-16 07:34:15
ubuntu
ubuntu
Node.js vulnerabilities
2023-09-19 00:00:00
redhat
redhat
(RHSA-2021:0549) Moderate: nodejs:12 security update
2021-02-16 07:34:29
(RHSA-2021:0485) Moderate: rh-nodejs12-nodejs security update
2021-02-11 13:08:55
(RHSA-2021:0421) Moderate: rh-nodejs14-nodejs security update
2021-02-04 16:46:24
rocky
rocky
nodejs:14 security and bug fix update
2021-02-16 07:34:42
nodejs:12 security update
2021-02-16 07:34:29
nodejs:10 security update
2021-02-16 07:34:15
gentoo
gentoo
NodeJS: Multiple vulnerabilities
2021-01-11 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00