PT-2020-4060 · Node.Js+8 · Node.Js+8
Published
2020-01-24
·
Updated
2026-05-18
·
CVE-2020-8174
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Node.js versions prior to 10.21.0
Node.js versions prior to 12.18.0
Node.js versions prior to 14.4.0
Description:
The issue is related to memory corruption in the
napi get value string *() functions, specifically napi get value string latin1(), napi get value string utf8(), and napi get value string utf16(), which can lead to buffer overflow. This can allow a remote attacker to execute arbitrary code.Recommendations:
For Node.js versions prior to 10.21.0, update to version 10.21.0 or later.
For Node.js versions prior to 12.18.0, update to version 12.18.0 or later.
For Node.js versions prior to 14.4.0, update to version 14.4.0 or later.
Exploit
Fix
Buffer Overflow
Integer Underflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Linuxmint
Node.Js
Red Hat
Rocky Linux
Suse
Ubuntu