Bug 1845256 (CVE-2020-8174) - CVE-2020-8174 nodejs: memory corruption in napi_get_value_string_* functions
Summary: CVE-2020-8174 nodejs: memory corruption in napi_get_value_string_* functions
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-8174
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1845263 1845257 1845258 1845259 1845260 1845261 1845262 1846230 1846231 1846232 1846233 1846234 1851861 1851863 1853305 1853306 1853317 1853318 1853319
Blocks: 1845265
TreeView+ depends on / blocked
 
Reported: 2020-06-08 19:05 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-06-07 14:50 UTC (History)
18 users (show)

Fixed In Version: nodejs-10.21.0, nodejs-12.18.0, nodejs-14.4.0
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in nodejs. Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(), or napi_get_value_string_utf16() with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.
Clone Of:
Environment:
Last Closed: 2020-07-07 13:27:52 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2020:2900 0 None None None 2020-07-13 18:24:57 UTC
Red Hat Product Errata RHBA-2020:3095 0 None None None 2020-07-22 11:25:49 UTC
Red Hat Product Errata RHBA-2020:3149 0 None None None 2020-07-27 03:19:54 UTC
Red Hat Product Errata RHBA-2020:3269 0 None None None 2020-08-03 07:54:40 UTC
Red Hat Product Errata RHBA-2020:3529 0 None None None 2020-08-20 10:29:49 UTC
Red Hat Product Errata RHBA-2020:3530 0 None None None 2020-08-20 10:23:49 UTC
Red Hat Product Errata RHSA-2020:2847 0 None None None 2020-07-07 09:12:20 UTC
Red Hat Product Errata RHSA-2020:2848 0 None None None 2020-07-07 09:23:22 UTC
Red Hat Product Errata RHSA-2020:2849 0 None None None 2020-07-07 09:15:09 UTC
Red Hat Product Errata RHSA-2020:2852 0 None None None 2020-07-07 09:39:49 UTC
Red Hat Product Errata RHSA-2020:2895 0 None None None 2020-07-13 10:48:21 UTC
Red Hat Product Errata RHSA-2020:3042 0 None None None 2020-07-21 14:33:05 UTC
Red Hat Product Errata RHSA-2020:3084 0 None None None 2020-07-21 19:29:06 UTC

Description Guilherme de Almeida Suckevicz 2020-06-08 19:05:25 UTC
Calling napi_get_value_string_latin1(), napi_get_value_string_utf8(), or napi_get_value_string_utf16() with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.

Reference:
https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/

Comment 1 Guilherme de Almeida Suckevicz 2020-06-08 19:06:15 UTC
Created nodejs tracking bugs for this issue:

Affects: epel-all [bug 1845263]
Affects: fedora-all [bug 1845257]


Created nodejs:10/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1845260]


Created nodejs:11/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1845258]


Created nodejs:12/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1845259]


Created nodejs:13/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1845261]


Created nodejs:14/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1845262]

Comment 8 Jason Shepherd 2020-06-11 20:28:04 UTC
Statement:

NodeJS is a build time dependency of Red Hat Quay and is not used at runtime. Therefore this issue will not fixed in Quay 3.3.

Comment 9 Laurie Morse 2020-06-15 18:15:05 UTC
What is the ETA for this fix with RHEL 8 and NodeJS 12?  We have a release deadline for July and this CVE is needed.

Comment 10 Cedric Buissart 2020-06-15 18:56:34 UTC
In reply to comment #9:
> What is the ETA for this fix with RHEL 8 and NodeJS 12?  We have a release
> deadline for July and this CVE is needed.
This issue is currently treated with a Moderate severity : this flaw is currently theoretical only. It is considered unlikely that the vulnerability can be triggered from Node.JS.

Comment 18 errata-xmlrpc 2020-07-07 09:12:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2847 https://access.redhat.com/errata/RHSA-2020:2847

Comment 19 errata-xmlrpc 2020-07-07 09:15:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2849 https://access.redhat.com/errata/RHSA-2020:2849

Comment 20 errata-xmlrpc 2020-07-07 09:23:18 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2848 https://access.redhat.com/errata/RHSA-2020:2848

Comment 21 errata-xmlrpc 2020-07-07 09:39:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2852 https://access.redhat.com/errata/RHSA-2020:2852

Comment 22 Product Security DevOps Team 2020-07-07 13:27:52 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-8174

Comment 23 Cedric Buissart 2020-07-10 07:12:44 UTC
External References:

https://hackerone.com/reports/784186

Comment 24 errata-xmlrpc 2020-07-13 10:48:17 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2020:2895 https://access.redhat.com/errata/RHSA-2020:2895

Comment 25 errata-xmlrpc 2020-07-21 14:33:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:3042 https://access.redhat.com/errata/RHSA-2020:3042

Comment 26 errata-xmlrpc 2020-07-21 19:29:05 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2020:3084 https://access.redhat.com/errata/RHSA-2020:3084


Note You need to log in before you can comment on or make changes to this bug.