Vulnerability CVE-2020-8265 - CERT Civis.Net

Vulnerability Name:

CVE-2020-8265 (CCN-194101)

Assigned:

2020-01-28

Published:

2021-01-04

Updated:

2022-04-06

Summary:

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.

CVSS v3 Severity:

8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

8.1 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-8265

Source: CCN
Type: Google Security Research Issue 2095
Node.js: use-after-free in TLSWrap

Source: CONFIRM
Type: Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

Source: XF
Type: UNKNOWN
nodejs-cve20208265-dos(194101)

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://hackerone.com/reports/988103

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-d5b2c18fe6

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-fb1a136393

Source: CCN
Type: Node.js Blog, 2021-01-04
Node v10.23.1 (LTS)

Source: CCN
Type: Node.js Blog, 2021-01-04
Node v12.20.1 (LTS)

Source: MISC
Type: Patch, Vendor Advisory
https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/

Source: CCN
Type: Packet Storm Security [01-05-2021]
Node.js TLSWrap Use-After-Free

Source: GENTOO
Type: Third Party Advisory
GLSA-202101-07

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210212-0003/

Source: DEBIAN
Type: Third Party Advisory
DSA-4826

Source: CCN
Type: IBM Security Bulletin 6415993 (Spectrum Control)
Vulnerabilities in XStream, Apache HTTP, Jackson Databind, OpenSSL, and Node.js affect IBM Spectrum Control

Source: CCN
Type: IBM Security Bulletin 6416137 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Source: CCN
Type: IBM Security Bulletin 6428997 (SDK for Node.js for Bluemix)
Multiple vulnerabilities affect IBM SDK for Node.js in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 6433625 (Voice Gateway)
Multiple security vulnerabilities in Node.js affect IBM Voice Gateway

Source: CCN
Type: IBM Security Bulletin 6435153 (Cloud Pak for Integration)
IBM Cloud Pak for Integration is vulnerable to Node.js vulnerabilities (CVE-2020-1971, CVE-2020-8265, and CVE-2020-8287)

Source: CCN
Type: IBM Security Bulletin 6436083 (Business Automation Workflow)
Multiple vulnerabilities in node.js may affect configuration editor used in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-1971, CVE-2020-8265, CVE-2020-8287

Source: CCN
Type: IBM Security Bulletin 6437245 (InfoSphere Information Server)
Multiple vulnerabilities in Node.js affect IBM InfoSphere Information Server

Source: CCN
Type: IBM Security Bulletin 6437577 (Cloud Pak for Automation)
Multiple vulnerabilities affect IBM Cloud Pak for Automation

Source: CCN
Type: IBM Security Bulletin 6437579 (Rational Team Concert)
Multiple vulnerabilites affect IBM Engineering products.

Source: CCN
Type: IBM Security Bulletin 6438785 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is affected by multiple Node.js vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6440625 (API Connect)
IBM API Connect is impacted by vulnerabilities in Node.js and OpenSSL (CVE-2020-1971, CVE-2020-8265, CVE-2020-8287)

Source: CCN
Type: IBM Security Bulletin 6444815 (App Connect Enterprise)
Multiple vulnerabilites in Node.js affect IBM Integration Bus & IBM App Connect Enterprise V11

Source: CCN
Type: IBM Security Bulletin 6448434 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container may be vulnerable to multiple denial of service and HTTP request smuggling vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6449996 (Integration Bus)
IBM Integration Bus & IBM App Connect Enterprise V11 are affected by vulnerabilities in Node.js (CVE-2020-8265)

Source: CCN
Type: IBM Security Bulletin 6453115 (Cloud Pak for Security)
Cloud Pak for Security contains security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6463275 (Event Streams)
IBM Event Streams is potentially affected by multiple node vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6469135 (Security Guardium Insights)
IBM Security Guardium Insights is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6476622 (WA for ICP)
Potential vulnerability with Node.js

Source: CCN
Type: IBM Security Bulletin 6481671 (DataPower Gateway)
Vulnerabilities in Node.js in IBM DataPower Gateway

Source: CCN
Type: IBM Security Bulletin 6482489 (DataPower Gateway)
Update Secure Gateway Client in IBM DataPower Gateway to address several CVEs

Source: CCN
Type: IBM Security Bulletin 6486165 (Cloud Private)
IBM Cloud Private is vulnerable to OpenSSL and Node.js vulnerabilities (CVE-2020-1971, CVE-2020-8287, CVE-2020-8265)

Source: CCN
Type: IBM Security Bulletin 6591203 (Netcool Agile Service Manager)
Multiple Vulnerabilities in Node.js affects IBM Netcool Agile Service Manager

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:nodejs:node.js:*:*:*:*:lts:*:*:* (Version >= 10.0.0 and < 10.23.1)

OR cpe:/a:nodejs:node.js:*:*:*:*:lts:*:*:* (Version >= 12.0.0 and < 12.20.1)

OR cpe:/a:nodejs:node.js:*:*:*:*:lts:*:*:* (Version >= 14.0.0 and < 14.15.4)

OR cpe:/a:nodejs:node.js:*:*:*:*:-:*:*:* (Version >= 15.0.0 and < 15.5.1)

Configuration 2:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*

OR cpe:/a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*

Configuration 5:

cpe:/a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* (Version < 1.0.1.1)

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:nodejs:node.js:10:*:*:*:*:*:*:*

OR cpe:/a:nodejs:node.js:12:*:*:*:*:*:*:*

AND

cpe:/a:ibm:business_process_manager:8.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_process_manager:8.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:integration_bus:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:app_connect:11.0.0.0:*:*:*:enterprise:*:*:*

OR cpe:/a:ibm:datapower_gateway:2018.4.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:2018.4.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.2.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:18.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:19.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:business_automation_workflow:20.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:rational_team_concert:7.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.4:*:standard:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.5:*:standard:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.3.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:10.0.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:5.0.8.10:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:2019.4.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.4.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_control:5.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:watson_discovery:2.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:10.0.1.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:voice_gateway:1.0.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.6.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.5.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.5.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_transformation_advisor:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:api_connect:2018.4.1.15:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.6.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:10.0.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:datapower_gateway:10.0.1.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8176	P	Security update for php7 (Moderate) (in QA)	2023-06-15
oval:org.opensuse.security:def:8175	P	Security update for MozillaThunderbird (Important) (in QA)	2023-06-13
oval:org.opensuse.security:def:8143	P	Security update for rustup (Moderate) (in QA)	2023-06-09
oval:org.opensuse.security:def:8174	P	Security update for dav1d (Moderate) (in QA)	2023-05-22
oval:org.opensuse.security:def:641	P	Security update for nodejs12 (Moderate) (in QA)	2022-09-30
oval:org.opensuse.security:def:642	P	Security update for nodejs10 (Moderate) (in QA)	2022-09-30
oval:org.opensuse.security:def:113037	P	nodejs14-14.17.5-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106478	P	nodejs14-14.17.5-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:101417	P	nodejs12-12.21.0-4.13.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2327	P	nodejs12-12.21.0-4.13.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101418	P	nodejs14-14.16.0-5.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2328	P	nodejs14-14.16.0-5.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63416	P	nodejs12-12.21.0-4.13.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63417	P	nodejs14-14.16.0-5.9.1 on GA media (Moderate)	2021-08-10
oval:com.redhat.rhsa:def:20210548	P	RHSA-2021:0548: nodejs:10 security update (Moderate)	2021-02-16
oval:com.redhat.rhsa:def:20210549	P	RHSA-2021:0549: nodejs:12 security update (Moderate)	2021-02-16
oval:com.redhat.rhsa:def:20210551	P	RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate)	2021-02-16
oval:org.opensuse.security:def:110676	P	Security update for nodejs10 (Moderate)	2021-01-16
oval:org.opensuse.security:def:111357	P	Security update for nodejs12 (Moderate)	2021-01-15
oval:org.opensuse.security:def:111361	P	Security update for nodejs10 (Moderate)	2021-01-15
oval:org.opensuse.security:def:111363	P	Security update for nodejs14 (Moderate)	2021-01-15
oval:org.opensuse.security:def:20967	P	Security update for nodejs14 (Moderate)	2021-01-13
oval:org.opensuse.security:def:49438	P	Security update for nodejs14 (Moderate)	2021-01-13
oval:org.opensuse.security:def:49465	P	Security update for nodejs10 (Moderate)	2021-01-12
oval:org.opensuse.security:def:20994	P	Security update for nodejs10 (Moderate)	2021-01-12
oval:org.opensuse.security:def:109497	P	Security update for nodejs12 (Moderate)	2021-01-11
oval:org.opensuse.security:def:96139	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:69232	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:9452	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:118591	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:102829	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:97240	P	Security update for nodejs14 (Moderate)	2021-01-11
oval:org.opensuse.security:def:69592	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:96140	P	Security update for nodejs14 (Moderate)	2021-01-11
oval:org.opensuse.security:def:69263	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:10206	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:118592	P	Security update for nodejs14 (Moderate)	2021-01-11
oval:org.opensuse.security:def:109495	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:102830	P	Security update for nodejs14 (Moderate)	2021-01-11
oval:org.opensuse.security:def:97241	P	Security update for nodejs12 (Moderate)	2021-01-11
oval:org.opensuse.security:def:70346	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:20993	P	Security update for nodejs12 (Moderate)	2021-01-11
oval:org.opensuse.security:def:96141	P	Security update for nodejs12 (Moderate)	2021-01-11
oval:org.opensuse.security:def:69264	P	Security update for nodejs14 (Moderate)	2021-01-11
oval:org.opensuse.security:def:118593	P	Security update for nodejs12 (Moderate)	2021-01-11
oval:org.opensuse.security:def:109496	P	Security update for nodejs14 (Moderate)	2021-01-11
oval:org.opensuse.security:def:102831	P	Security update for nodejs12 (Moderate)	2021-01-11
oval:org.opensuse.security:def:91824	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:8705	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:98774	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:97238	P	Security update for nodejs10 (Moderate)	2021-01-11
oval:org.opensuse.security:def:69265	P	Security update for nodejs12 (Moderate)	2021-01-11
oval:org.opensuse.security:def:49464	P	Security update for nodejs12 (Moderate)	2021-01-11