Memory corruption

2020-07-2422:15:00

PRIOn knowledge base

www.prio-n.com

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.014 Low

EPSS

Percentile

86.3%

JSON

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

CPENameOperatorVersion
node.jsge14.0.0
node.jslt14.4.0
node.jslt10.21.0
node.jsge12.0.0
node.jslt12.18.0
banking_extensibility_workbencheq14.4.0
banking_extensibility_workbencheq14.3.0
blockchain_platformlt21.1.2
mysql_clusterge8.0.0
mysql_clusterle8.0.21

Name	Operator	Version
node.js	ge	14.0.0
node.js	lt	14.4.0
node.js	lt	10.21.0
node.js	ge	12.0.0
node.js	lt	12.18.0
banking_extensibility_workbench	eq	14.4.0
banking_extensibility_workbench	eq	14.3.0
blockchain_platform	lt	21.1.2
mysql_cluster	ge	8.0.0
mysql_cluster	le	8.0.21