CVE-2020-8174

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-8174
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8174.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-8174
Aliases
Downstream
Related
Published
2020-07-24T22:15:12.280Z
Modified
2026-05-18T05:51:15.475488633Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

napigetvaluestring*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "vendor_product": "oracle:banking_extensibility_workbench",
            "cpes": [
                "cpe:2.3:a:oracle:banking_extensibility_workbench:14.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:banking_extensibility_workbench:14.4.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "14.3.0"
                },
                {
                    "last_affected": "14.4.0"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "vendor_product": "oracle:blockchain_platform",
            "extracted_events": [
                {
                    "fixed": "21.1.2"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*"
            ]
        },
        {
            "source": "CPE_FIELD",
            "vendor_product": "oracle:mysql_cluster",
            "cpes": [
                "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "7.3.30"
                },
                {
                    "introduced": "7.4.0"
                },
                {
                    "last_affected": "7.4.29"
                },
                {
                    "introduced": "7.5.0"
                },
                {
                    "last_affected": "7.5.19"
                },
                {
                    "introduced": "7.6.0"
                },
                {
                    "last_affected": "7.6.15"
                },
                {
                    "introduced": "8.0.0"
                },
                {
                    "last_affected": "8.0.21"
                }
            ]
        },
        {
            "source": "CPE_FIELD",
            "vendor_product": "oracle:retail_xstore_point_of_service",
            "cpes": [
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "16.0.6"
                },
                {
                    "last_affected": "17.0.4"
                },
                {
                    "last_affected": "18.0.3"
                },
                {
                    "last_affected": "19.0.2"
                },
                {
                    "last_affected": "20.0.1"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/nodejs/node

Affected ranges

Type
GIT
Repo
https://github.com/nodejs/node
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
23adb548a57db0c56e359265108e7fe71d8b4f73
Introduced
2f45ad8060e13d5ac912335096d21526f2f9602b
Fixed
f19f5b34d7c4e9a4e339b40bc791c78469091704
Introduced
73aa21658dfa6a22c06451d080152b32b1f98dbe
Fixed
27adbf027f2dd3a75b22518f6825e1a1937059d1
Database specific 
{
    "cpe": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "10.21.0"
        },
        {
            "introduced": "12.0.0"
        },
        {
            "fixed": "12.18.0"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "14.4.0"
        }
    ]
}

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v10.*
v10.0.0
v10.1.0
v10.10.0
v10.11.0
v10.12.0
v10.13.0
v10.14.0
v10.14.1
v10.14.2
v10.15.0
v10.15.1
v10.15.2
v10.15.3
v10.16.0
v10.16.1
v10.16.2
v10.16.3
v10.17.0
v10.18.0
v10.18.1
v10.19.0
v10.2.0
v10.2.1
v10.20.0
v10.20.1
v10.3.0
v10.4.0
v10.4.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v10.9.0
v12.*
v12.0.0
v12.1.0
v12.10.0
v12.11.0
v12.11.1
v12.12.0
v12.13.0
v12.13.1
v12.14.0
v12.14.1
v12.15.0
v12.16.0
v12.16.1
v12.16.2
v12.16.3
v12.17.0
v12.2.0
v12.3.0
v12.3.1
v12.4.0
v12.5.0
v12.6.0
v12.7.0
v12.8.0
v12.8.1
v12.9.0
v12.9.1
v14.*
v14.0.0
v14.1.0
v14.2.0
v14.3.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.*
v3.0.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8174.json"