CVE-2020-8265

Source
https://cve.org/CVERecord?id=CVE-2020-8265
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8265.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-8265
Aliases
Downstream
Related
Published
2021-01-06T21:15:14.410Z
Modified
2026-07-10T12:01:30.711295603Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.

Database specific
{
    "unresolved_ranges": [
        {
            "vendor_product": "nodejs:node.js",
            "cpes": [
                "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
                "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"
            ],
            "source": "CPE_RANGE",
            "extracted_events": [
                {
                    "introduced": "10.0.0"
                },
                {
                    "fixed": "10.23.1"
                },
                {
                    "introduced": "12.0.0"
                },
                {
                    "fixed": "12.20.1"
                },
                {
                    "introduced": "14.0.0"
                },
                {
                    "fixed": "14.15.4"
                },
                {
                    "introduced": "15.0.0"
                },
                {
                    "fixed": "15.5.1"
                }
            ]
        },
        {
            "vendor_product": "siemens:sinec_infrastructure_network_services",
            "cpes": [
                "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE",
            "extracted_events": [
                {
                    "fixed": "1.0.1.1"
                }
            ]
        },
        {
            "vendor_product": "debian:debian_linux",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "introduced": "10.0"
                },
                {
                    "last_affected": "10.0"
                }
            ]
        },
        {
            "vendor_product": "fedoraproject:fedora",
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "extracted_events": [
                {
                    "introduced": "32"
                },
                {
                    "last_affected": "32"
                },
                {
                    "introduced": "33"
                },
                {
                    "last_affected": "33"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/graalvm/graalvm-ce-builds

Affected ranges

Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*"
    ],
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "19.3.4"
        },
        {
            "last_affected": "19.3.4"
        },
        {
            "introduced": "20.3.0"
        },
        {
            "last_affected": "20.3.0"
        }
    ]
}

Affected versions

19.*
19.3.4
20.*
20.3.0
vm-19.*
vm-19.3.4
vm-20.*
vm-20.3.0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8265.json"