CVE-2020-8174 — HIGH (8.1) — White Hats Nepal

Q: What is CVE-2020-8174?

CVE-2020-8174 is a vulnerability with a CVSS score of 8.1 (HIGH). napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

Q: How severe is CVE-2020-8174?

CVE-2020-8174 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-8174?

Check the references section above for vendor advisories and patch information. Affected products include: Nodejs Node.Js, Oracle Banking Extensibility Workbench, Oracle Blockchain Platform, Oracle Mysql Cluster, Oracle Retail Xstore Point Of Service.

Vulnerability Description

napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nodejs	Node.Js	< 10.21.0
Oracle	Banking Extensibility Workbench	14.3.0
Oracle	Blockchain Platform	< 21.1.2
Oracle	Mysql Cluster	<= 7.3.30
Oracle	Retail Xstore Point Of Service	16.0.6
Netapp	Active Iq Unified Manager	-
Netapp	Oncommand Insight	-
Netapp	Oncommand Workflow Automation	-
Netapp	Snapcenter	-

Related Weaknesses (CWE)

CWE-119 CWE-191

References

https://hackerone.com/reports/784186ExploitThird Party Advisory
https://security.gentoo.org/glsa/202101-07Third Party Advisory
https://security.netapp.com/advisory/ntap-20201023-0003/Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlPatchThird Party Advisory
https://hackerone.com/reports/784186ExploitThird Party Advisory
https://security.gentoo.org/glsa/202101-07Third Party Advisory
https://security.netapp.com/advisory/ntap-20201023-0003/Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlPatchThird Party Advisory

FAQ

What is CVE-2020-8174?

CVE-2020-8174 is a vulnerability with a CVSS score of 8.1 (HIGH). napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.

How severe is CVE-2020-8174?

CVE-2020-8174 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8174?

Check the references section above for vendor advisories and patch information. Affected products include: Nodejs Node.Js, Oracle Banking Extensibility Workbench, Oracle Blockchain Platform, Oracle Mysql Cluster, Oracle Retail Xstore Point Of Service.