BIT-node-2020-8265

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2020-8265.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-node-2020-8265
Aliases
Published
2024-03-06T11:07:41.583Z
Modified
2024-12-16T15:27:14.262021Z
Summary
[none]
Details

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.

Database specific
{
    "cpes": [
        "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
        "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / node

Package

Name
node
Purl
pkg:bitnami/node

Severity

  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
10.0.0
Fixed
10.23.1
Introduced
12.0.0
Fixed
12.20.1
Introduced
14.0.0
Fixed
14.15.4
Introduced
15.0.0
Fixed
15.5.1