CVE-2020-8277

HIGH

Description

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.

References

https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/

https://hackerone.com/reports/1033107

https://lists.fedoraproject.org/archives/list/[email protected]/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/

https://lists.fedoraproject.org/archives/list/[email protected]/message/BEJBY3RJB3XWUOJFGZM5E3EMQ7MFM3UT/

https://security.gentoo.org/glsa/202012-11

https://security.gentoo.org/glsa/202101-07

https://www.oracle.com/security-alerts/cpujan2021.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/EEIV4CH6KNVZK63Y6EKVN2XDW7IHSJBJ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/VXLJY4764LYVJPC7NCDLE2UMQ3QC5OI2/

https://www.oracle.com/security-alerts/cpuApr2021.html

Details

Source: MITRE

Published: 2020-11-19

Updated: 2021-07-20

Type: CWE-400

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 151495 | F5 Networks BIG-IP : Node.js vulnerability (K07944249) | Nessus | F5 Networks Local Security Checks | high |
| 150178 | EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2021-1941) | Nessus | Huawei Local Security Checks | high |
| 150170 | EulerOS 2.0 SP9 : c-ares (EulerOS-SA-2021-1920) | Nessus | Huawei Local Security Checks | high |
| 148869 | FreeBSD : MySQL -- Multiple vulnerabilities (56ba4513-a1be-11eb-9072-d4c9ef517024) | Nessus | FreeBSD Local Security Checks | high |
| 148822 | Photon OS 2.0: C PHSA-2021-2.0-0337 | Nessus | PhotonOS Local Security Checks | high |
| 148814 | Photon OS 1.0: C PHSA-2021-1.0-0378 | Nessus | PhotonOS Local Security Checks | high |
| 148617 | EulerOS Virtualization 2.9.0 : c-ares (EulerOS-SA-2021-1756) | Nessus | Huawei Local Security Checks | high |
| 148576 | EulerOS Virtualization 2.9.1 : c-ares (EulerOS-SA-2021-1710) | Nessus | Huawei Local Security Checks | high |
| 148351 | Photon OS 4.0: Nodejs PHSA-2021-4.0-0007 | Nessus | PhotonOS Local Security Checks | high |
| 148129 | Photon OS 3.0: C PHSA-2021-3.0-0209 | Nessus | PhotonOS Local Security Checks | high |
| 148027 | Photon OS 4.0: C PHSA-2021-4.0-0006 | Nessus | PhotonOS Local Security Checks | high |
| 146840 | Fedora 33 : mingw-c-ares (2021-ee913722db) | Nessus | Fedora Local Security Checks | high |
| 146834 | Fedora 32 : mingw-c-ares (2021-afed2b904e) | Nessus | Fedora Local Security Checks | high |
| 146637 | Oracle Linux 8 : nodejs:14 (ELSA-2021-0551) | Nessus | Oracle Linux Local Security Checks | high |
| 146548 | CentOS 8 : nodejs:14 (CESA-2021:0551) | Nessus | CentOS Local Security Checks | high |
| 146540 | RHEL 8 : nodejs:14 (RHSA-2021:0551) | Nessus | Red Hat Local Security Checks | high |
| 145990 | CentOS 8 : nodejs:12 (CESA-2020:5499) | Nessus | CentOS Local Security Checks | high |
| 145371 | openSUSE Security Update : nodejs12 (openSUSE-2021-64) | Nessus | SuSE Local Security Checks | high |
| 145286 | openSUSE Security Update : nodejs14 (openSUSE-2021-66) | Nessus | SuSE Local Security Checks | high |
| 144921 | SUSE SLES15 Security Update : nodejs12 (SUSE-SU-2021:0062-1) | Nessus | SuSE Local Security Checks | high |
| 144910 | SUSE SLES15 Security Update : nodejs14 (SUSE-SU-2021:0061-1) | Nessus | SuSE Local Security Checks | high |
| 144864 | GLSA-202101-07 : NodeJS: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 144603 | GLSA-202012-11 : c-ares: Denial of service | Nessus | Gentoo Local Security Checks | high |
| 144390 | RHEL 8 : nodejs:12 (RHSA-2020:5499) | Nessus | Red Hat Local Security Checks | high |
| 144372 | Oracle Linux 8 : nodejs:12 (ELSA-2020-5499) | Nessus | Oracle Linux Local Security Checks | high |
| 143778 | SUSE SLED15 / SLES15 Security Update : c-ares (SUSE-SU-2020:3478-1) | Nessus | SuSE Local Security Checks | high |
| 143752 | SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:3549-1) | Nessus | SuSE Local Security Checks | high |
| 143458 | Fedora 32 : c-ares (2020-307e873389) | Nessus | Fedora Local Security Checks | high |
| 143423 | Node.js 12.16.3 < 12.19.1 / 14.13.0 < 14.15.1 / 15.x < 15.2.1 DoS (November 2020 Security Releases) | Nessus | Misc. | high |
| 143342 | openSUSE Security Update : c-ares (openSUSE-2020-2092) | Nessus | SuSE Local Security Checks | high |
| 143327 | openSUSE Security Update : c-ares (openSUSE-2020-2045) | Nessus | SuSE Local Security Checks | high |
| 143293 | Fedora 33 : c-ares (2020-7473744de1) | Nessus | Fedora Local Security Checks | high |
| 143175 | FreeBSD : Node.js -- November 2020 Security Releases (ad792169-2aa4-11eb-ab71-0022489ad614) | Nessus | FreeBSD Local Security Checks | high |
| 143120 | Ubuntu 20.10 : c-ares vulnerability (USN-4638-1) | Nessus | Ubuntu Local Security Checks | high |