Bugzilla – Bug 1180553
VUL-0: CVE-2020-8265: nodejs10,nodejs12,nodejs14,nodejs15: use-after-free in TLSWrap
Last modified: 2021-09-03 18:38:40 UTC
use-after-free in TLSWrap (High) (CVE-2020-8265)

Affected Node.js versions are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.

Impacts: All versions of the 15.x, 14.x, 12.x and 10.x release lines

Thank you to Felix Wilhelm from Google Project Zero for reporting this vulnerability.

https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
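The ownership hazard in the description above, as an added C++ model that is not Node.js source and not part of the original report: a caller hands back a request pointer whenever the callee reports success, shown next to a unique_ptr variant where releasing the request also clears the caller's handle. All names (WriteReq, DoWriteRaw, DoWriteOwned, WriteUnsafe, WriteSafe, IsDangling) are hypothetical, and the callee freeing the request while still returning 0 is an assumption made for illustration.

```cpp
#include <cstdio>
#include <memory>
#include <set>

// Constructed model of the ownership hazard; not Node.js source code.
static std::set<const void*> live;  // addresses of requests still allocated

struct WriteReq {
  WriteReq() { live.insert(this); }
  ~WriteReq() { live.erase(this); }
};
struct WriteResult { int err; WriteReq* req; };

// Assumption: the callee can finish and free the request internally
// while still reporting success (0) to its caller.
int DoWriteRaw(WriteReq* req, bool freed_inside) {
  if (freed_inside) delete req;
  return 0;
}
// Hazard: the raw pointer is handed back whenever err == 0.
WriteResult WriteUnsafe(bool freed_inside) {
  WriteReq* req = new WriteReq();
  int err = DoWriteRaw(req, freed_inside);
  if (err != 0) { delete req; req = nullptr; }
  return {err, req};  // dangling if the callee already freed it
}

// Hardened: the callee receives the owner, so releasing the request
// also clears the only handle the caller could return.
int DoWriteOwned(std::unique_ptr<WriteReq>& req, bool freed_inside) {
  if (freed_inside) req.reset();
  return 0;
}
WriteResult WriteSafe(bool freed_inside) {
  auto req = std::make_unique<WriteReq>();
  int err = DoWriteOwned(req, freed_inside);
  if (err != 0) req.reset();
  return {err, req.release()};  // nullptr when already consumed
}

// True when the result carries a pointer to a request that no longer exists.
bool IsDangling(const WriteResult& r) {
  return r.req != nullptr && live.count(r.req) == 0;
}

int main() {
  std::printf("unsafe dangling: %d\n", IsDangling(WriteUnsafe(true)));
  WriteResult s = WriteSafe(true);
  std::printf("safe dangling: %d, req null: %d\n", IsDangling(s), s.req == nullptr);
}
```

The model never dereferences the stale pointer; it only checks the address against the set of live requests, so it runs cleanly under a memory checker.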
This is an autogenerated message for OBS integration: This bug (1180553) was mentioned in https://build.opensuse.org/request/show/860411 Factory / nodejs10
This is an autogenerated message for OBS integration: This bug (1180553) was mentioned in https://build.opensuse.org/request/show/860426 Factory / nodejs12 https://build.opensuse.org/request/show/860436 Factory / nodejs14
Fix patch at https://github.com/nodejs/node/commit/7f178663eb
Reproducer at https://github.com/nodejs/node/commit/357e2857c8

This does not trigger for me on any of the released versions. Investigating.
Created attachment 844997: poc

Unfortunately, the upstream test case does not trigger the issue, but unwinding it into 2 processes results in a reproducer. The poc is from test-tls-use-after-free-regression.js

To reproduce:
    valgrind --trace-children=yes node server.js
And then to trigger:
    node poc.js

Triggers on vulnerable node10+. node8 does not trigger.
SUSE-SU-2021:0061-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1178882,1180553,1180554
CVE References: CVE-2020-8265,CVE-2020-8277,CVE-2020-8287
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): nodejs14-14.15.4-5.6.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2021:0068-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1179491,1180553,1180554
CVE References: CVE-2020-1971,CVE-2020-8265,CVE-2020-8287
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs12-12.20.1-1.26.1

SUSE-SU-2021:0062-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1178882,1179491,1180553,1180554
CVE References: CVE-2020-1971,CVE-2020-8265,CVE-2020-8277,CVE-2020-8287
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): nodejs12-12.20.1-4.10.1

SUSE-SU-2021:0060-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1179491,1180553,1180554
CVE References: CVE-2020-1971,CVE-2020-8265,CVE-2020-8287
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src): nodejs10-10.23.1-1.30.1
SUSE Linux Enterprise Server 15-LTSS (src): nodejs10-10.23.1-1.30.1
SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): nodejs10-10.23.1-1.30.1
SUSE Linux Enterprise Module for Web Scripting 15-SP1 (src): nodejs10-10.23.1-1.30.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): nodejs10-10.23.1-1.30.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): nodejs10-10.23.1-1.30.1

SUSE-SU-2021:0082-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1179491,1180553,1180554
CVE References: CVE-2020-1971,CVE-2020-8265,CVE-2020-8287
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs10-10.23.1-1.33.1

SUSE-SU-2021:0107-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1180553,1180554
CVE References: CVE-2020-8265,CVE-2020-8287
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs14-14.15.4-6.6.1

openSUSE-SU-2021:0064-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1178882,1179491,1180553,1180554
CVE References: CVE-2020-1971,CVE-2020-8265,CVE-2020-8277,CVE-2020-8287
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): nodejs12-12.20.1-lp152.3.9.1

openSUSE-SU-2021:0065-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1179491,1180553,1180554
CVE References: CVE-2020-1971,CVE-2020-8265,CVE-2020-8287
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): nodejs10-10.23.1-lp152.2.9.1

openSUSE-SU-2021:0066-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1178882,1180553,1180554
CVE References: CVE-2020-8265,CVE-2020-8277,CVE-2020-8287
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): nodejs14-14.15.4-lp152.5.1

openSUSE-SU-2021:0082-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 1179491,1180553,1180554
CVE References: CVE-2020-1971,CVE-2020-8265,CVE-2020-8287
JIRA References:
Sources used:
openSUSE Leap 15.1 (src): nodejs10-10.23.1-lp151.2.15.1