1. Home
  2. Vulnerabilities
  3. CVE-2020-8174

CVE-2020-8174

CVSS v3.1 8.1 (High)
81% Progress
CVSS v2.0 9.3 (High)
93% Progress
EPSS 2.21 % (90th)
2.21% Progress
Affected Products 9
Advisories 21
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

Weaknesses
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-191
Integer Underflow (Wrap or Wraparound)
CVE Status
PUBLISHED
CNA
HackerOne
Published Date
2020-07-24 22:15:12
(4 years ago)
Updated Date
2022-05-12 15:01:21
(2 years ago)

Affected Products

Netapp

Nodejs

Oracle

Configuration #1

    CPE23 From Up To
  Nodejs Node.js prior 10.21.0 version cpe:2.3:a:nodejs:node.js::*:*:*:- < 10.21.0
  Nodejs Node.js from 12.0.0 version and prior 12.18.0 version cpe:2.3:a:nodejs:node.js::*:*:*:- >= 12.0.0 < 12.18.0
  Nodejs Node.js from 14.0.0 version and prior 14.4.0 version cpe:2.3:a:nodejs:node.js::*:*:*:- >= 14.0.0 < 14.4.0

Configuration #2

    CPE23 From Up To
  Oracle Banking Extensibility Workbench 14.3.0 cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0
  Oracle Banking Extensibility Workbench 14.4.0 cpe:2.3:a:oracle:banking_extensibility_workbench:14.4.0
  Oracle Blockchain Platform prior 21.1.2 version cpe:2.3:a:oracle:blockchain_platform < 21.1.2
  Oracle Mysql Cluster 7.3.30 and prior versions cpe:2.3:a:oracle:mysql_cluster <= 7.3.30
  Oracle Mysql Cluster from 7.4.0 version and 7.4.29 and prior versions cpe:2.3:a:oracle:mysql_cluster >= 7.4.0 <= 7.4.29
  Oracle Mysql Cluster from 7.5.0 version and 7.5.19 and prior versions cpe:2.3:a:oracle:mysql_cluster >= 7.5.0 <= 7.5.19
  Oracle Mysql Cluster from 7.6.0 version and 7.6.15 and prior versions cpe:2.3:a:oracle:mysql_cluster >= 7.6.0 <= 7.6.15
  Oracle Mysql Cluster from 8.0.0 version and 8.0.21 and prior versions cpe:2.3:a:oracle:mysql_cluster >= 8.0.0 <= 8.0.21
  Oracle Retail Xstore Point Of Service 16.0.6 cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6
  Oracle Retail Xstore Point Of Service 17.0.4 cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4
  Oracle Retail Xstore Point Of Service 18.0.3 cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3
  Oracle Retail Xstore Point Of Service 19.0.2 cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2
  Oracle Retail Xstore Point Of Service 20.0.1 cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1

Configuration #3

    CPE23 From Up To
  Netapp Active Iq Unified Manager for Vmware Vsphere cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere
  Netapp Active Iq Unified Manager for Windows cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows
  Netapp Oncommand Insight cpe:2.3:a:netapp:oncommand_insight:-
  Netapp Oncommand Workflow Automation cpe:2.3:a:netapp:oncommand_workflow_automation:-
  Netapp Snapcenter cpe:2.3:a:netapp:snapcenter:-