A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.

References

bugzilla.redhat.com/show_bug.cgi?id=1898554

nvd.nist.gov/vuln/detail/CVE-2020-8277

www.cve.org/CVERecord?id=CVE-2020-8277

nessus 38

openvas 15

altlinux 3

gentoo 2

suse 4

ubuntu 1

osv 6

ibm 21

photon 9

veracode 1

fedora 4

nvd 1

ubuntucve 1

f5 1

githubexploit 2

prion 1

cbl_mariner 2

nodejsblog 1

freebsd 2

cvelist 1

gitlab 1

debiancve 1

alpinelinux 1

hackerone 1

archlinux 1

cve 1

oraclelinux 2

rosalinux 1

almalinux 2

rocky 2

redhat 4

oracle 5

nessus

Fedora 32 : mingw-c-ares (2021-afed2b904e)

2021-02-25 00:00:00

Photon OS 1.0: C PHSA-2021-1.0-0378

2021-04-20 00:00:00

openSUSE Security Update : c-ares (openSUSE-2020-2045)

2020-11-30 00:00:00

openvas

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2021-1756)

2021-04-13 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:3549-1)

2021-06-09 00:00:00

Huawei EulerOS: Security Advisory for c-ares (EulerOS-SA-2021-1920)

2021-06-07 00:00:00

altlinux

Security fix for the ALT Linux 9 package node version 14.15.1-alt1

2020-11-26 00:00:00

Security fix for the ALT Linux 9 package c-ares version 1.16.1-alt2

2020-11-19 00:00:00

Security fix for the ALT Linux 10 package node version 14.15.1-alt1

2020-11-16 00:00:00

gentoo

c-ares: Denial of service

2020-12-23 00:00:00

NodeJS: Multiple vulnerabilities

2021-01-11 00:00:00

suse

Security update for c-ares (moderate)

2020-11-28 00:00:00

Security update for c-ares (moderate)

2020-11-26 00:00:00

Security update for nodejs14 (moderate)

2021-01-15 00:00:00

ubuntu

c-ares vulnerability

2020-11-19 00:00:00

osv

BIT-node-2020-8277

2024-03-06 11:07:32

CVE-2020-8277

2020-11-19 01:15:12

Moderate: nodejs:12 security and bug fix update

2020-12-15 16:03:21

ibm

Security Bulletin: Version 12.18.4 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability

2020-12-15 18:47:16

Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via Node.js (CVE-2020-8277)

2021-03-06 17:41:55

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager.

2023-05-15 12:07:40

photon

Important Photon OS Security Update - PHSA-2021-0209

2021-03-23 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0378

2021-04-07 00:00:00

Important Photon OS Security Update - PHSA-2021-3.0-0209

2021-03-23 00:00:00

veracode

Denial Of Service (DoS)

2020-12-02 09:51:12

fedora

[SECURITY] Fedora 32 Update: mingw-c-ares-1.17.1-1.fc32

2021-02-24 20:46:53

[SECURITY] Fedora 32 Update: c-ares-1.17.0-1.fc32

2020-12-04 00:30:19

[SECURITY] Fedora 33 Update: mingw-c-ares-1.17.1-1.fc33

2021-02-24 20:42:29

nvd

CVE-2020-8277

2020-11-19 01:15:12

ubuntucve

CVE-2020-8277

2020-11-17 00:00:00

K07944249 : Node.js vulnerability CVE-2020-8277

2021-02-24 00:00:00

githubexploit

Exploit for Uncontrolled Resource Consumption in Nodejs Node.Js

2021-07-10 20:42:11

Exploit for Uncontrolled Resource Consumption in Nodejs Node.Js

2020-11-18 10:57:13

prion

Cross site request forgery (csrf)

2020-11-19 01:15:00

cbl_mariner

CVE-2020-8277 affecting package c-ares 1.14.0-3

2021-04-06 23:50:04

CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3

2024-07-02 03:08:37

nodejsblog

November 2020 Security Releases

2020-11-16 00:00:00

freebsd

Node.js -- November 2020 Security Releases

2020-11-16 00:00:00

MySQL -- Multiple vulnerabilities

2021-04-20 00:00:00

cvelist

CVE-2020-8277

2020-11-19 00:32:13

gitlab

Uncontrolled Resource Consumption

2020-11-19 00:00:00

debiancve

CVE-2020-8277

2020-11-19 01:15:12

alpinelinux

CVE-2020-8277

2020-11-19 01:15:12

hackerone

Node.js: DNS Max Responses for DOS

2020-11-12 18:32:25

archlinux

[ASA-202011-18] c-ares: denial of service

2020-11-19 00:00:00

cve

CVE-2020-8277

2020-11-19 01:15:12

oraclelinux

nodejs:12 security and bug fix update

2020-12-17 00:00:00

nodejs:14 security and bug fix update

2021-02-20 00:00:00

rosalinux

Advisory ROSA-SA-2021-1811

2021-07-02 16:34:46

almalinux

Moderate: nodejs:12 security and bug fix update

2020-12-15 16:03:21

Moderate: nodejs:14 security and bug fix update

2021-02-16 07:34:42

rocky

nodejs:12 security and bug fix update

2020-12-15 16:03:21

nodejs:14 security and bug fix update

2021-02-16 07:34:42

redhat

(RHSA-2020:5305) Moderate: rh-nodejs12-nodejs security update

2020-12-01 14:18:32

(RHSA-2020:5499) Moderate: nodejs:12 security and bug fix update

2020-12-15 16:03:21

(RHSA-2021:0551) Moderate: nodejs:14 security and bug fix update

2021-02-16 07:34:42

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Oracle Critical Patch Update Advisory - October 2021

2021-10-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.008 Low

EPSS

Percentile

81.2%

JSON

Related for RH:CVE-2020-8277