IronMonkey Threat Research

CVE-2020-8252 HIGH

Published: 2020-09-18 | Last Modified: 2024-11-21 | Status: Modified

Description

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.

Additional Descriptions (1)

The implementation of realpath in libuv versions earlier than 10.22.1, earlier than 12.18.4, and earlier than 14.9.0, used within Node.js, incorrectly determined the buffer size, which can result in a buffer overflow if the resolved path is longer than 256 bytes.

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Base Score: 4.6 (MEDIUM)

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Secondary CWE-120
[email protected] Primary CWE-120

Affected Products

Vendor Product Version Update Type
nodejs node.js * Application
nodejs node.js * Application
nodejs node.js * Application
opensuse leap 15.2 Operating System
fedoraproject fedora 33 Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

References
