CVE-2020-8265
CVSS v3.1
8.1 (High)
CVSS v2.0
6.8 (Medium)
EPSS
0.47 % (76th)
Affected Products
5
Advisories
30
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
Weaknesses
- CWE-416
- Use After Free
- CVE Status
- PUBLISHED
- CNA
- HackerOne
- Published Date
-
2021-01-06 21:15:14
(3 years ago) - Updated Date
-
2023-11-07 03:26:19
(10 months ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Configuration #5
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...