Node.js is vulnerable to use after free bug. The vulnerability is possible because when writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument however if the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.

References

cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

hackerone.com/reports/988103

lists.fedoraproject.org/archives/list/[email protected]/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/

lists.fedoraproject.org/archives/list/[email protected]/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/

nodejs.org/en/blog/vulnerability/january-2021-security-releases/

security-tracker.debian.org/tracker/CVE-2020-8265

security.gentoo.org/glsa/202101-07

security.netapp.com/advisory/ntap-20210212-0003/

www.debian.org/security/2021/dsa-4826

www.oracle.com/security-alerts/cpujan2021.html

ubuntucve 1

redhatcve 1

nessus 36

cve 1

debiancve 1

prion 1

ibm 23

nvd 1

osv 11

cvelist 1

hackerone 1

photon 7

alpinelinux 1

archlinux 4

fedora 2

debian 1

openvas 15

mageia 1

suse 4

freebsd 1

altlinux 2

nodejsblog 1

ics 5

ubuntu 1

almalinux 3

oraclelinux 3

redhat 6

rocky 3

gentoo 1

oracle 1

ubuntucve

CVE-2020-8265

2021-01-06 00:00:00

redhatcve

CVE-2020-8265

2021-01-05 13:14:24

nessus

Photon OS 1.0: Nodejs10 PHSA-2021-1.0-0355

2021-01-21 00:00:00

Photon OS 2.0: Nodejs PHSA-2021-2.0-0313

2021-01-26 00:00:00

Photon OS 3.0: Nodejs PHSA-2021-3.0-0186

2021-01-26 00:00:00

cve

CVE-2020-8265

2021-01-06 21:15:14

debiancve

CVE-2020-8265

2021-01-06 21:15:14

prion

Design/Logic Flaw

2021-01-06 21:15:00

ibm

Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway

2021-03-18 21:21:03

Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-8265)

2021-05-05 11:54:04

Security Bulletin: Vulnerabilities in Node.js in IBM DataPower Gateway

2021-08-16 15:05:23

nvd

CVE-2020-8265

2021-01-06 21:15:14

osv

BIT-node-2020-8265

2024-03-06 11:07:41

CVE-2020-8265

2021-01-06 21:15:14

nodejs - security update

2021-01-06 00:00:00

cvelist

CVE-2020-8265

2021-01-06 21:01:15

hackerone

Node.js: Node.js: use-after-free in TLSWrap

2020-09-22 12:49:41

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0355

2021-01-20 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0313

2021-01-25 00:00:00

Important Photon OS Security Update - PHSA-2021-0313

2021-01-25 00:00:00

alpinelinux

CVE-2020-8265

2021-01-06 21:15:14

archlinux

[ASA-202101-15] nodejs-lts-fermium: multiple issues

2021-01-12 00:00:00

[ASA-202101-14] nodejs-lts-erbium: multiple issues

2021-01-12 00:00:00

[ASA-202101-13] nodejs-lts-dubnium: multiple issues

2021-01-12 00:00:00

fedora

[SECURITY] Fedora 33 Update: nodejs-14.15.4-1.fc33

2021-01-10 01:28:45

[SECURITY] Fedora 32 Update: nodejs-12.20.1-1.fc32

2021-01-16 01:23:44

debian

[SECURITY] [DSA 4826-1] nodejs security update

2021-01-06 22:02:35

openvas

Mageia: Security Advisory (MGASA-2021-0069)

2022-01-28 00:00:00

Fedora: Security Advisory for nodejs (FEDORA-2021-fb1a136393)

2021-01-11 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:0107-1)

2021-06-09 00:00:00

mageia

Updated nodejs packages fix security vulnerabilities

2021-02-05 14:54:53

suse

Security update for nodejs10 (moderate)

2021-01-16 00:00:00

Security update for nodejs14 (moderate)

2021-01-15 00:00:00

Security update for nodejs10 (moderate)

2021-01-15 00:00:00

freebsd

Node.js -- January 2021 Security Releases

2021-01-04 00:00:00

altlinux

Security fix for the ALT Linux 9 package node version 14.15.4-alt1

2021-02-05 00:00:00

Security fix for the ALT Linux 10 package node version 14.15.4-alt1

2021-02-05 00:00:00

nodejsblog

January 2021 Security Releases

2021-01-04 00:00:00

ics

Hitachi Energy e-mesh EMS

2022-03-31 12:00:00

Hitachi Energy FACTS Control Platform (FCP) Product

2022-08-30 12:00:00

Hitachi Energy Gateway Station (GWS) Product

2022-08-30 12:00:00

ubuntu

Node.js vulnerabilities

2023-09-19 00:00:00

almalinux

Moderate: nodejs:12 security update

2021-02-16 07:34:29

Moderate: nodejs:14 security and bug fix update

2021-02-16 07:34:42

Moderate: nodejs:10 security update

2021-02-16 07:34:15

oraclelinux

nodejs:12 security update

2021-02-20 00:00:00

nodejs:14 security and bug fix update

2021-02-20 00:00:00

nodejs:10 security update

2021-02-20 00:00:00

redhat

(RHSA-2021:0485) Moderate: rh-nodejs12-nodejs security update

2021-02-11 13:08:55

(RHSA-2021:0421) Moderate: rh-nodejs14-nodejs security update

2021-02-04 16:46:24

(RHSA-2021:0551) Moderate: nodejs:14 security and bug fix update

2021-02-16 07:34:42

rocky

nodejs:14 security and bug fix update

2021-02-16 07:34:42

nodejs:12 security update

2021-02-16 07:34:29

nodejs:10 security update

2021-02-16 07:34:15

gentoo

NodeJS: Multiple vulnerabilities

2021-01-11 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.005

Percentile

75.9%

JSON

Related for VERACODE:28906