Unrated severity · NVD Advisory · Published Nov 19, 2020 · Updated Apr 30, 2025
CVE-2020-8277
Description
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
Affected products
23 affected products; osv-coords lists 21 versions (no CPE):
- pkg:bitnami/node, range: >= 12.16.3, < 12.19.1
- pkg:bitnami/node-min, range: >= 12.16.3, < 12.19.1
- pkg:rpm/almalinux/nodejs-nodemon, range: < 1.18.3-1.module_el8.3.0+2023+d2377ea3
- pkg:rpm/almalinux/nodejs-packaging, range: < 17-3.module_el8.4.0+2224+b07ac28e
- pkg:rpm/opensuse/c-ares&distro=openSUSE%20Leap%2015.1, range: < 1.17.0-lp151.3.6.1
- pkg:rpm/opensuse/c-ares&distro=openSUSE%20Leap%2015.2, range: < 1.17.0-lp152.2.3.1
- pkg:rpm/opensuse/c-ares&distro=openSUSE%20Tumbleweed, range: < 1.17.2-2.2
- pkg:rpm/opensuse/c-ares-tests&distro=openSUSE%20Leap%2015.1, range: < 1.17.0-lp151.3.6.1
- pkg:rpm/opensuse/c-ares-tests&distro=openSUSE%20Leap%2015.2, range: < 1.17.0-lp152.2.3.1
- pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.2, range: < 12.20.1-lp152.3.9.1
- pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Leap%2015.2, range: < 14.15.4-lp152.5.1
- pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Tumbleweed, range: < 14.17.5-1.2
- pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS, range: < 1.17.0-3.8.1
- pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS, range: < 1.17.0-3.8.1
- pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1, range: < 1.17.0-3.8.1
- pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2, range: < 1.17.0-3.8.1
- pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS, range: < 1.17.0-3.8.1
- pkg:rpm/suse/c-ares&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015, range: < 1.17.0-3.8.1
- pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012, range: < 12.19.1-1.23.1
- pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2, range: < 12.20.1-4.10.1
- pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2, range: < 14.15.4-5.6.1
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEJBY3RJB3XWUOJFGZM5E3EMQ7MFM3UT/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEIV4CH6KNVZK63Y6EKVN2XDW7IHSJBJ/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXLJY4764LYVJPC7NCDLE2UMQ3QC5OI2/ (mitre, vendor-advisory, x_refsource_FEDORA)
- security.gentoo.org/glsa/202012-11 (mitre, vendor-advisory, x_refsource_GENTOO)
- security.gentoo.org/glsa/202101-07 (mitre, vendor-advisory, x_refsource_GENTOO)
- hackerone.com/reports/1033107 (mitre, x_refsource_MISC)
- nodejs.org/en/blog/vulnerability/november-2020-security-releases/ (mitre, x_refsource_CONFIRM)
- www.oracle.com//security-alerts/cpujul2021.html (mitre, x_refsource_MISC)
- www.oracle.com/security-alerts/cpuApr2021.html (mitre, x_refsource_MISC)
- www.oracle.com/security-alerts/cpuapr2022.html (mitre, x_refsource_MISC)
- www.oracle.com/security-alerts/cpujan2021.html (mitre, x_refsource_MISC)
- www.oracle.com/security-alerts/cpuoct2021.html (mitre, x_refsource_MISC)