CVE-2020-8244

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-8244
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8244.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8244
Aliases
Downstream
Published
2020-08-30T15:15:12.167Z
Modified
2026-02-26T09:13:18.204090Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
Summary
[none]
Details

A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.

References

Affected packages

Git / github.com/rvagg/bl

Affected ranges

Type
GIT
Repo
https://github.com/rvagg/bl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d69edfd66f2b1d8b50abc0ecfe42216437540178
Introduced
52564cc1b2091374f66ca4544f686f199fd4537d
Fixed
8cb93f455f0b44fe0ffaee75a3c74c84579dc8c1
Introduced
8ca2ec434a053d48b399c5b5cb06ad00202cc5d4
Fixed
f659836cc84211cad41b73bad89c78f7f874c626
Introduced
ecc0cc51ef62f41ae151e82d61a8eac71c2ca672
Fixed
84e1852465572927d9151e6484f351d712b94dea

Affected versions

v2.*
v2.0.0
v2.0.1
v2.1.0
v2.1.1
v2.1.2
v2.2.0
v3.*
v3.0.0
v4.*
v4.0.0
v4.0.1
v4.0.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8244.json"