cbcvebase.
CVE-2020-8174
published 2020-07-24

CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
debiannodejs< nodejs 10.21.0~dfsg-1 (bookworm)nodejs 10.21.0~dfsg-1 (bookworm)
httpsgithub.com_nodejs_node
msrccm1_nodejs_14.17.2-1_on_cbl_mariner_1.0
nodejsnode.js< 10.21.010.21.0
nodejsnode.js>= 12.0.0 < 12.18.012.18.0
nodejsnode.js>= 14.0.0 < 14.4.014.4.0
nodejsnodejs>= 0 < 10.21.0~dfsg-110.21.0~dfsg-1
nodejsnodejs>= 0 < 10.21.0~dfsg-110.21.0~dfsg-1
nodejsnodejs>= 0 < 10.21.0~dfsg-110.21.0~dfsg-1
nodejsnodejs>= 0 < 10.21.0~dfsg-110.21.0~dfsg-1
nodejsnodejs>= 0 < 10.19.0~dfsg-3ubuntu1.110.19.0~dfsg-3ubuntu1.1
nodejsnodejs>= 0 < 4.2.6~dfsg-1ubuntu4.2+esm24.2.6~dfsg-1ubuntu4.2+esm2
nodejsnodejs>= 0 < 8.10.0~dfsg-2ubuntu0.4+esm28.10.0~dfsg-2ubuntu0.4+esm2
oraclebanking_extensibility_workbench
oraclebanking_extensibility_workbench
oracleblockchain_platform< 21.1.221.1.2
oraclemysql_cluster<= 7.3.30
oraclemysql_cluster7.4.0 – 7.4.29
oraclemysql_cluster7.5.0 – 7.5.19
oraclemysql_cluster7.6.0 – 7.6.15
oraclemysql_cluster8.0.0 – 8.0.21
oracleretail_xstore_point_of_service
oracleretail_xstore_point_of_service
oracleretail_xstore_point_of_service
oracleretail_xstore_point_of_service

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.1HIGH