CVE-2020-8174

Exploit

EPSS 1.49%
Published 24.07.2020 22:15:12
Last modified 21.11.2024 05:38:26
Source support@hackerone.com
Teams watchlist Login
Open Login

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

Affected products Warnungen 0 Metrics 3 CWE 2 References 10

Data is provided by the National Vulnerability Database (NVD)

Nodejs ≫ Node.Js SwEdition- Version < 10.21.0

Nodejs ≫ Node.Js SwEdition- Version >= 12.0.0 < 12.18.0

Nodejs ≫ Node.Js SwEdition- Version >= 14.0.0 < 14.4.0

Oracle ≫ Banking Extensibility Workbench Version14.3.0

Oracle ≫ Banking Extensibility Workbench Version14.4.0

Oracle ≫ Blockchain Platform Version < 21.1.2

Oracle ≫ Mysql Cluster Version <= 7.3.30

Oracle ≫ Mysql Cluster Version >= 7.4.0 <= 7.4.29

Oracle ≫ Mysql Cluster Version >= 7.5.0 <= 7.5.19

Oracle ≫ Mysql Cluster Version >= 7.6.0 <= 7.6.15

Oracle ≫ Mysql Cluster Version >= 8.0.0 <= 8.0.21

Oracle ≫ Retail Xstore Point Of Service Version16.0.6

Oracle ≫ Retail Xstore Point Of Service Version17.0.4

Oracle ≫ Retail Xstore Point Of Service Version18.0.3

Oracle ≫ Retail Xstore Point Of Service Version19.0.2

Oracle ≫ Retail Xstore Point Of Service Version20.0.1

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ Oncommand Insight Version-

Netapp ≫ Oncommand Workflow Automation Version-

Netapp ≫ Snapcenter Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.49%	0.804

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://www.oracle.com/security-alerts/cpujan2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Patch

Third Party Advisory