fast-string-search denial-of-service vulnerability

fast-string-search is a search function that can search for strings using N-API and boyer-moore-magiclen. fast-string-search suffers from a denial-of-service vulnerability that stems from incorrect computation of non-string input, which can be exploited by an attacker to cause fast-string- search...

openSUSE: Security Advisory for nodejs10 (openSUSE-SU-2021:0082-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : nodejs10 (openSUSE-2021-65)

This update for nodejs10 fixes the following issues : - New upstream LTS version 10.23.1 : - CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap objec...

openSUSE Security Update : nodejs10 (openSUSE-2021-82)

This update for nodejs10 fixes the following issues : - New upstream LTS version 10.23.1 : - CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap objec...

Security update for nodejs10 (moderate)

openSUSE Security Update: Security update for nodejs10 Announcement ID: openSUSE-SU-2021:0065-1 Rating: moderate References: 1179491 1180553 1180554 Cross-References: CVE-2020-1971 CVE-2020-8265 CVE-2020-8287 Affected Products: openSUSE Leap 15.2 An update that fixes three vulnerabilities is now...

SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2021:0082-1)

This update for nodejs10 fixes the following issues : New upstream LTS version 10.23.1 : - CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object ...

SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2021:0060-1)

This update for nodejs10 fixes the following issues : New upstream LTS version 10.23.1 : - CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object ...

SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:0062-1)

This update for nodejs12 fixes the following issues : New upstream LTS version 12.20.1 : - CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object ...

SUSE-SU-2021:0060-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

Node.js: napi_get_value_string_X allow various kinds of memory corruption

Summary: napigetvaluestringlatin1, napigetvaluestringutf8, napigetvaluestringutf16 are vulnerable to buffer overflows, partially due to an integer underflow. Description: napigetvaluestringlatin1, napigetvaluestringutf8, and napigetvaluestringutf16 behave like this: 1. If the output pointer is...