{"id":"CVE-2020-8277","details":"A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions \u003c 15.2.1, \u003c 14.15.1, and \u003c 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.","aliases":["BIT-node-2020-8277","BIT-node-min-2020-8277"],"modified":"2026-05-15T12:04:16.642438083Z","published":"2020-11-19T01:15:12.763Z","related":["ALSA-2020:5499","ALSA-2021:0551","SUSE-SU-2020:3478-1","SUSE-SU-2020:3549-1","SUSE-SU-2021:0061-1","SUSE-SU-2021:0062-1","openSUSE-SU-2020:2045-1","openSUSE-SU-2020:2092-1","openSUSE-SU-2021:0064-1","openSUSE-SU-2021:0066-1","openSUSE-SU-2024:10668-1","openSUSE-SU-2024:11096-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"32"},{"last_affected":"33"}],"vendor_product":"fedoraproject:fedora"},{"cpes":["cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"fixed":"21.1.2"}],"vendor_product":"oracle:blockchain_platform"},{"cpes":["cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"fixed":"9.2.6.0"}],"vendor_product":"oracle:jd_edwards_enterpriseone_tools"},{"cpes":["cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0.23"}],"vendor_product":"oracle:mysql_cluster"},{"cpes":["cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*","cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"last_affected":"16.0.6"},{"last_affected":"17.0.4"},{"last_affected":"18.0.3"},{"last_affected":"19.0.2"}],"vendor_product":"oracle:retail_xstore_point_of_service"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEJBY3RJB3XWUOJFGZM5E3EMQ7MFM3UT/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEIV4CH6KNVZK63Y6EKVN2XDW7IHSJBJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXLJY4764LYVJPC7NCDLE2UMQ3QC5OI2/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202012-11"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202101-07"},{"type":"REPORT","url":"https://hackerone.com/reports/1033107"},{"type":"FIX","url":"https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}