{"id":"CVE-2020-8265","details":"Node.js versions before 10.23.1, 12.20.1, 14.15.4, and 15.5.1 are vulnerable to a use-after-free bug in the TLS implementation. When writing to a TLS-enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as the first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory, leading to a denial of service or potentially other exploits.","aliases":["BIT-node-2020-8265","BIT-node-min-2020-8265"],"modified":"2026-02-11T12:50:06.203249Z","published":"2021-01-06T21:15:14.410Z","related":["ALSA-2021:0548","ALSA-2021:0549","ALSA-2021:0551","MGASA-2021-0069","SUSE-SU-2021:0060-1","SUSE-SU-2021:0061-1","SUSE-SU-2021:0062-1","SUSE-SU-2021:0068-1","SUSE-SU-2021:0082-1","SUSE-SU-2021:0107-1","openSUSE-SU-2021:0064-1","openSUSE-SU-2021:0065-1","openSUSE-SU-2021:0066-1","openSUSE-SU-2021:0082-1","openSUSE-SU-2024:11096-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H472D5HPXN6RRXCNFML3BK5OYC52CXF2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K4I6MZNC7C7VIDQR267OL4TVCI3ZKAC4/"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"type":"ADVISORY","url":"https://hackerone.com/reports/988103"},{"type":"ADVISORY","url":"https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202101-07"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210212-0003/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4826"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"REPORT","url":"https://hackerone.com/reports/988103"},{"type":"FIX","url":
"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"},{"type":"FIX","url":"https://hackerone.com/reports/988103"},{"type":"FIX","url":"https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/"},{"type":"EVIDENCE","url":"https://hackerone.com/reports/988103"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nodejs/node","events":[{"introduced":"2f45ad8060e13d5ac912335096d21526f2f9602b"},{"fixed":"87ddc7f10c6463bbcdd9dfc79f1e510a584e616e"},{"introduced":"73aa21658dfa6a22c06451d080152b32b1f98dbe"},{"fixed":"04509d6847a2d164b223a77aed0c41fe9ca60e57"},{"introduced":"cf41627411886000429bde058a6594fb7f6d6d47"},{"fixed":"811be91dfe623c7569f5fd87b1eaf46074334c94"},{"introduced":"d683e3dda09b6b3cc6cad6fd2c106e3061a48f0d"},{"fixed":"39fee5d91bc07beab14a1049358ababdd77ce3b1"}]}],"versions":["v10.0.0","v10.1.0","v10.10.0","v10.11.0","v10.12.0","v10.13.0","v10.14.0","v10.14.1","v10.14.2","v10.15.0","v10.15.1","v10.15.2","v10.15.3","v10.16.0","v10.16.1","v10.16.2","v10.16.3","v10.17.0","v10.18.0","v10.18.1","v10.19.0","v10.2.0","v10.2.1","v10.20.0","v10.20.1","v10.21.0","v10.22.0","v10.22.1","v10.23.0","v10.3.0","v10.4.0","v10.4.1","v10.5.0","v10.6.0","v10.7.0","v10.8.0","v10.9.0","v12.0.0","v12.1.0","v12.10.0","v12.11.0","v12.11.1","v12.12.0","v12.13.0","v12.13.1","v12.14.0","v12.14.1","v12.15.0","v12.16.0","v12.16.1","v12.16.2","v12.16.3","v12.17.0","v12.18.0","v12.18.1","v12.18.2","v12.18.3","v12.18.4","v12.19.0","v12.19.1","v12.2.0","v12.20.0","v12.3.0","v12.3.1","v12.4.0","v12.5.0","v12.6.0","v12.7.0","v12.8.0","v12.8.1","v12.9.0","v12.9.1","v14.0.0","v14.1.0","v14.10.0","v14.10.1","v14.11.0","v14.12.0","v14.13.0","v14.13.1","v14.14.0","v14.15.0","v14.15.1","v14.15.2","v14.15.3","v14.2.0","v14.3.0","v14.4.0","v14.5.0","v14.6.0","v14.7.0","v14.8.0","v14.9.0","v15.0.0","v15.0.1","v15.1.0","v15.2.0","v15.2.1","v15.3.0","v15.4.0","v15.5.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-out
put/CVE-2020-8265.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}