CVE-2020-8174

CWE-119 — Buffer Overflow CWE-19119 documents10 sources

Severity

8.1HIGH

EPSS

1.5%

top 18.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nodejs Node.js Oracle Blockchain Platform Oracle Mysql Cluster +3 more

Timeline

PublishedJul 24

Latest updateSep 19

Description

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages7 packages

▶NVDnodejs/node.js12.0.0 — 12.18.0+2

▶Debiannodejs< 10.21.0~dfsg-1+3

▶CVEListV5https://github.com/nodejs/node10.21.0,12.18.0,14.4.0

▶NVDoracle/blockchain_platform< 21.1.2

▶NVDoracle/mysql_cluster7.4.0 — 7.4.29+4

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-gcvv-7whm-pv7c: napi_get_value_string_*() allows various kinds of memory corruption in node < 10↗2022-05-24

▶

CVEList

CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption in node < 10↗2020-07-24

▶

OSV

CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption in node < 10↗2020-07-24

▶

📋Vendor Advisories

Ubuntu

Node.js vulnerabilities↗2023-09-19

▶

Oracle

Oracle Oracle Blockchain Platform Risk Matrix: BCS Console (Node.js) — CVE-2020-8174↗2022-04-15

▶

Oracle

Oracle Oracle Financial Services Applications Risk Matrix: Core (Node.js) — CVE-2020-8174↗2021-01-15

▶

Oracle

Oracle Oracle MySQL Risk Matrix: Cluster: JS module (Node.js) — CVE-2020-8174↗2020-10-15

▶

Microsoft

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0 12.18.0 and < 14.4.0.↗2020-07-14

▶

💬Community

Bugzilla

CVE-2020-8174 nodejs: memory corruption in napi_get_value_string_* functions [fedora-all]↗2020-06-08

▶

Bugzilla

CVE-2020-8174 nodejs: memory corruption in napi_get_value_string_* functions↗2020-06-08

▶

Bugzilla

CVE-2020-8174 nodejs:12/nodejs: memory corruption in napi_get_value_string_* functions [fedora-all]↗2020-06-08

▶

Bugzilla

CVE-2020-8174 nodejs:14/nodejs: memory corruption in napi_get_value_string_* functions [fedora-all]↗2020-06-08

▶

Bugzilla

CVE-2020-8174 nodejs:10/nodejs: memory corruption in napi_get_value_string_* functions [fedora-all]↗2020-06-08

▶