CVE-2020-8174
Description
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.546
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 12 (x64) (12.18.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 12 (12.18.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 14 (14.21.3) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 14 (x64) (14.21.3) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 10 (x64) (10.21.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 10 (10.21.0) | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-11080,CVE-2020-8174,CVE-2020-10531 are fixed in Node.js 10 (x64) (10.24.1) | Windows |
| Multiple Vulnerabilities are affected in Netapp Active Iq Unified Manager 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter 2.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation 2.3 | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-8174 are affected in MySQL Cluster 7.3.30 | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-8174 are affected in MySQL Cluster 7.4.29 | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-8174 are affected in MySQL Cluster 7.5.19 | Windows |
| Vulnerabilities CVE-2020-8172,CVE-2020-8174 are affected in MySQL Cluster 7.6.15 | Windows |
| Vulnerabilities CVE-2020-14853,CVE-2020-8172,CVE-2020-8174 are affected in MySQL Cluster 8.0.21 | Windows |
| nodejs security update(DSA-4696-1) nodejs_10.21.0~dfsg-1~deb10u1_i386.deb | Linux |
| nodejs security update(DSA-4696-1) nodejs_10.21.0~dfsg-1~deb10u1_amd64.deb | Linux |
| (RHSA-2020:2848) nodejs:10 security update nodejs-10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64.rpm | Linux |
| (RHSA-2020:2848) nodejs:10 security update nodejs-debugsource-10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64.rpm | Linux |
| (RHSA-2020:2848) nodejs:10 security update nodejs-devel-10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64.rpm | Linux |
| (RHSA-2020:2848) nodejs:10 security update nodejs-docs-10.21.0-3.module+el8.2.0+7071+d2377ea3.noarch.rpm | Linux |
| (RHSA-2020:2848) nodejs:10 security update nodejs-full-i18n-10.21.0-3.module+el8.2.0+7071+d2377ea3.x86_64.rpm | Linux |
| (RHSA-2020:2848) nodejs:10 security update npm-6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3.x86_64.rpm | Linux |
| (RHSA-2020:2852) nodejs:12 security update nodejs-12.18.2-1.module+el8.2.0+7233+61d664c1.x86_64.rpm | Linux |
| (RHSA-2020:2852) nodejs:12 security update nodejs-debugsource-12.18.2-1.module+el8.2.0+7233+61d664c1.x86_64.rpm | Linux |
| (RHSA-2020:2852) nodejs:12 security update nodejs-devel-12.18.2-1.module+el8.2.0+7233+61d664c1.x86_64.rpm | Linux |
| (RHSA-2020:2852) nodejs:12 security update nodejs-docs-12.18.2-1.module+el8.2.0+7233+61d664c1.noarch.rpm | Linux |
| (RHSA-2020:2852) nodejs:12 security update nodejs-full-i18n-12.18.2-1.module+el8.2.0+7233+61d664c1.x86_64.rpm | Linux |
| (RHSA-2020:2852) nodejs:12 security update npm-6.14.5-1.12.18.2.1.module+el8.2.0+7233+61d664c1.x86_64.rpm | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) nodejs_10.19.0~dfsg-3ubuntu1.1_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) nodejs_4.2.6~dfsg-1ubuntu4.2_i386.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) nodejs_4.2.6~dfsg-1ubuntu4.2_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) nodejs_8.10.0~dfsg-2ubuntu0.4_i386.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) nodejs_8.10.0~dfsg-2ubuntu0.4_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) libnode64_10.19.0~dfsg-3ubuntu1.1_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) nodejs-dev_4.2.6~dfsg-1ubuntu4.2_i386.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) nodejs-dev_4.2.6~dfsg-1ubuntu4.2_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) nodejs-dev_8.10.0~dfsg-2ubuntu0.4_i386.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) nodejs-dev_8.10.0~dfsg-2ubuntu0.4_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) libnode-dev_10.19.0~dfsg-3ubuntu1.1_amd64.deb | Linux |
| An open-source, cross-platform JavaScript runtime environment. (USN-6380-1) nodejs-legacy_4.2.6~dfsg-1ubuntu4.2_all.deb | Linux |
| Nodejs-nodemon update (ELSA-2020-2848) nodejs-nodemon-1.18.3-1.module+el8.1.0+5392+4d6b561f.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2020-2848) nodejs-packaging-17-3.module+el8.1.0+5392+4d6b561f.noarch.rpm | Linux |
| Integer Underflow (Wrap or Wraparound) Vulnerability (CVE-2020-8174) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
| PATCH-319042 | Node.js 10 (10.24.1) |
| PATCH-319043 | Node.js 10 (x64) (10.24.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234