logo
DATABASE RESOURCES PRICING ABOUT US

Use After Free

Description

Node.js is vulnerable to use after free bug. The vulnerability is possible because when writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument however if the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.


Affected Software


CPE Name Name Version
nodejs:buster 10.21.0~dfsg-1~deb10u1
nodejs:3.11 12.15.0-r1
nodejs:3.12 12.17.0-r0
nodejs:3.12 12.16.3-r0
nodejs:sid 12.19.0~dfsg-1
nodejs:bullseye 12.19.0~dfsg-1
rh-nodejs12-nodejs 12.10.0__4.el7
rh-nodejs12-nodejs 12.14.1__1.el7
rh-nodejs10-nodejs 10.16.3__4.el7
rh-nodejs10-nodejs 10.10.0__2.el7
rh-nodejs10-nodejs 10.19.0__1.el7
rh-nodejs10-nodejs 10.10.0__3.el7
nodejs-current:edge 13.11.0-r0
nodejs-current:edge 13.1.0-r0
nodejs-current:edge 14.0.0-r0
nodejs-current:edge 13.13.0-r0
nodejs-current:edge 14.1.0-r0
nodejs-current:edge 13.12.0-r1
nodejs-current:edge 13.12.0-r0
nodejs-current:edge 14.2.0-r0
nodejs-current:edge 14.3.0-r0
nodejs:edge 12.17.0-r0
nodejs:edge 12.15.0-r1
nodejs:edge 12.16.2-r0
nodejs:buster 10.21.0~dfsg-1~deb10u1
nodejs:3.11 12.15.0-r1
nodejs:3.12 12.17.0-r0
nodejs:3.12 12.16.3-r0
nodejs:sid 12.19.0~dfsg-1
nodejs:bullseye 12.19.0~dfsg-1
rh-nodejs12-nodejs 12.10.0__4.el7
rh-nodejs12-nodejs 12.14.1__1.el7
rh-nodejs10-nodejs 10.16.3__4.el7
rh-nodejs10-nodejs 10.10.0__2.el7
rh-nodejs10-nodejs 10.19.0__1.el7
rh-nodejs10-nodejs 10.10.0__3.el7
nodejs-current:edge 13.11.0-r0
nodejs-current:edge 13.1.0-r0
nodejs-current:edge 14.0.0-r0
nodejs-current:edge 13.13.0-r0
nodejs-current:edge 14.1.0-r0
nodejs-current:edge 13.12.0-r1
nodejs-current:edge 13.12.0-r0
nodejs-current:edge 14.2.0-r0
nodejs-current:edge 14.3.0-r0
nodejs:edge 12.17.0-r0
nodejs:edge 12.15.0-r1
nodejs:edge 12.16.2-r0

Related