UBUNTU-CVE-2020-8244

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-8244

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-8244.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-8244

Related

Published

2020-08-30T15:15:00Z

Modified

2025-01-13T10:22:09Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator

Summary

[none]

Details

A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.

References

Affected packages

Ubuntu:Pro:16.04:LTS / node-bl

Package

Name: node-bl
Purl: pkg:deb/ubuntu/node-bl@0.9.3-1ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.3-1ubuntu0.1~esm1

Affected versions

0.*

0.9.3-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "0.9.3-1ubuntu0.1~esm1",
            "binary_name": "node-bl"
        }
    ]
}

Ubuntu:18.04:LTS / node-bl

Package

Name: node-bl
Purl: pkg:deb/ubuntu/node-bl@1.1.2-1ubuntu1.1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.2-1ubuntu1.1

Affected versions

1.*

1.1.2-1

1.1.2-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.1.2-1ubuntu1.1",
            "binary_name": "node-bl"
        }
    ]
}

Ubuntu:20.04:LTS / node-bl

Package

Name: node-bl
Purl: pkg:deb/ubuntu/node-bl@4.0.0-2?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.2-3

4.*

4.0.0-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / node-bl

Package

Name: node-bl
Purl: pkg:deb/ubuntu/node-bl@4.0.3-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.3-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.0.3-1",
            "binary_name": "node-bl"
        }
    ]
}