The vulnerability of the DoWrite method implementation in the Node.js software platform allows a perpetrator to trigger a service failure or cause other adverse effects.

🗓️ 23 Feb 2021 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in DoWrite method of Node.js permits remote use after free exploit causing service failures.

Reporter	Title	Published	Views	Family All 231
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud	11 Mar 202117:48	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in node.js may affect configuration editor used in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-1971, CVE-2020-8265, CVE-2020-8287	25 Mar 202110:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilites in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11	19 Apr 202112:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak for Automation	29 Mar 202121:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities	19 Jun 202517:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities (CVE-2020-1971, CVE-2020-8265, and CVE-2020-8287)	23 Mar 202115:55	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilites affect IBM Engineering products.	29 Mar 202121:46	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security contains security vulnerabilities	13 May 202121:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to multiple denial of service and HTTP request smuggling vulnerabilities	29 Apr 202111:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Event Streams is potentially affected by multiple node vulnerabilities	21 Dec 202117:40	–	ibm

Vulners

Node

oracle graalvm_enterprise_editionMatch19.3.4

OR

oracle graalvm_enterprise_editionMatch20.3.0

OR

node.js node.jsRange<10.23.1

OR

node.js node.jsRange<12.20.1

OR

node.js node.jsRange<14.15.4

OR

node.js node.jsRange<15.5.1

OR

hitachi,hitachi_energy_gateway_station_(gws)Range<3.2.0.0

OR

hitachi,facts_control_platform_(fcp)Range≤3.12.0

OR

hitachi,facts_control_platform_(fcp)Range≤2.3.0

OR

hitachi,facts_control_platform_(fcp)Range≤1.3.0

OR

novell opensuse_leapMatch15.1

OR

novell opensuse_leapMatch15.2

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2021.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-8265
suse	www.suse.com/security/cve/CVE-2020-8265/
security-tracker	www.security-tracker.debian.org/tracker/CVE-2020-8265
cisa	www.cisa.gov/uscert/ics/advisories/icsa-22-242-02
cisa	www.cisa.gov/uscert/ics/advisories/icsa-22-242-01
xn--80ahaefyxhn	www.xn--80ahaefyxhn.xn--j1afgaq.xn--p1ai/bin/view/%D0%9E%D0%A1%D0%BD%D0%BE%D0%B2%D0%B0/%D0%9E%D0%B1%D0%BD%D0%BE%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F/2.4.3/
hackerone	www.hackerone.com/reports/988103
altsp	www.altsp.su/obnovleniya-bezopasnosti/
web	www.web.nvd.nist.gov/view/vuln/detail

16 Sep 2024 00:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 38.1

CVSS 29.4

EPSS0.09009

do write method nodejs platform memory after free remote exploitation service failures