CVE-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:oracle:graalvm:19.3.4:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:20.3.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:c-ares_project:c-ares:*:*:*:*:*:*:*:*

Information

Published : 2020-11-18 17:15

Updated : 2022-05-10 08:25


NVD link : CVE-2020-8277

Mitre link : CVE-2020-8277


JSON object : View

CWE
CWE-400

Uncontrolled Resource Consumption

Advertisement

dedicated server usa

Products Affected

c-ares_project

  • c-ares

oracle

  • graalvm
  • mysql_cluster
  • blockchain_platform
  • jd_edwards_enterpriseone_tools
  • retail_xstore_point_of_service

nodejs

  • node.js

fedoraproject

  • fedora