CVE-2020-8174

CVE-2020-8174

EPSS 7.6%CWE-119

Vexday Risk Score

3Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 7.6%KEV nãoPoC —Patch referenciado

Ciclo de vida

24 jul 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

Produtos afetados

n/a · https://github.com/nodejs/node

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://hackerone.com/reports/784186 https://security.gentoo.org/glsa/202101-07 https://security.netapp.com/advisory/ntap-20201023-0003/https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuoct2020.html