Описание
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 18.13.0+dfsg1-1ubuntu2 |
| esm-apps/bionic | released | 8.10.0~dfsg-2ubuntu0.4+esm2 |
| esm-apps/focal | released | 10.19.0~dfsg-3ubuntu1.1 |
| esm-apps/jammy | not-affected | 12.22.9~dfsg-1ubuntu3 |
| esm-apps/xenial | released | 4.2.6~dfsg-1ubuntu4.2+esm2 |
| esm-infra-legacy/trusty | not-affected | code not present |
| focal | released | 10.19.0~dfsg-3ubuntu1.1 |
| groovy | ignored | end of life |
| hirsute | ignored | end of life |
Показывать по
EPSS
6.8 Medium
CVSS2
8.1 High
CVSS3
Связанные уязвимости
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerab ...
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.
Уязвимость реализации метода DoWrite программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
EPSS
6.8 Medium
CVSS2
8.1 High
CVSS3