ArchLinux: 202101-15: nodejs-lts-fermium: multiple issues
Summary
- CVE-2020-8265 (arbitrary code execution)
The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a
use-after-free bug in their TLS implementation. When writing to a
TLS-enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite
with a freshly allocated WriteWrap object as first argument. If the
DoWrite method does not return an error, this object is passed back to
the caller as part of a StreamWriteResult structure. This may be
exploited to corrupt memory leading to a Denial of Service or
potentially other exploits. The issue is fixed in nodejs versions
15.5.1, 14.15.4, 12.20.1 and 10.23.1.
- CVE-2020-8287 (url request injection)
The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of
a header field in an HTTP request, for example two Transfer-Encoding
header fields. In this case Node.js identifies the first header field
and ignores the second. This can lead to HTTP Request Smuggling. The
issue is fixed in nodejs versions 15.5.1, 14.15.4, 12.20.1 and 10.23.1.
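The duplicated header condition described for CVE-2020-8287 can be spotted in a captured request head. The following is an added example, not code from the advisory or from Node.js; the names findDuplicateHeaders and FRAMING_HEADERS and the sample requests are constructed for illustration.

```javascript
// Added example: flag HTTP request heads that repeat a message-framing header.
// FRAMING_HEADERS and findDuplicateHeaders are names chosen for this sketch.
const FRAMING_HEADERS = new Set(['transfer-encoding', 'content-length']);

function findDuplicateHeaders(rawHead, watched = FRAMING_HEADERS) {
  // Split on CRLF but tolerate bare LF, which some senders emit.
  const lines = rawHead.split(/\r?\n/);
  const seen = new Map(); // lowercased field name -> values in arrival order
  for (const line of lines.slice(1)) {     // slice(1) skips the request line
    if (line === '') break;                // empty line ends the header block
    if (/^[ \t]/.test(line)) continue;     // folded continuation, not a new field
    const colon = line.indexOf(':');
    if (colon <= 0) continue;              // not a "name: value" field line
    const name = line.slice(0, colon).trim().toLowerCase();
    if (!watched.has(name)) continue;
    if (!seen.has(name)) seen.set(name, []);
    seen.get(name).push(line.slice(colon + 1).trim());
  }
  // Report only fields that appeared more than once, with every value seen.
  const findings = [];
  for (const [name, values] of seen) {
    if (values.length > 1) findings.push({ name, values });
  }
  return findings;
}

// Constructed sample inputs (not captured traffic).
const duplicated = [
  'POST /upload HTTP/1.1',
  'Host: example.test',
  'Transfer-Encoding: chunked',
  'transfer-encoding: identity',   // same field again, different case
  '',
  '',
].join('\r\n');

const clean = [
  'POST /upload HTTP/1.1',
  'Host: example.test',
  'Content-Length: 0',
  '',
  '',
].join('\r\n');

console.log(findDuplicateHeaders(duplicated));
console.log(findDuplicateHeaders(clean));
```

Field names are compared case-insensitively, so copies that differ only in letter case are counted as the same field.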
Resolution
Upgrade to 14.15.4-1.
# pacman -Syu "nodejs-lts-fermium>=14.15.4-1"
The problems have been fixed upstream in version 14.15.4.
References
https://groups.google.com/g/nodejs-sec/c/kyzmwvQdUfs/m/7mjPCzY2BAAJ
https://hackerone.com/users/sign_in;report_id=988103
https://github.com/nodejs/node/commit/9834ef85a0a549a45a98f04dc51af1782a7126ee
https://github.com/nodejs/node/commit/4f8772f9b731118628256189b73cd202149bbd97
https://github.com/nodejs/node/commit/5b00de7d67a1372aa342115ad28edd3f78268bb6
https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed
https://github.com/nodejs/node/commit/357e2857c8385c303782ced2ac8b568df06d4326
https://hackerone.com/users/sign_in;subject=nodejs
https://github.com/nodejs/node/commit/e0c9a2285cfe18642d15d5ed9b7122755c6e66e0
https://github.com/nodejs/node/commit/c5dbe831b714b3a98c59ba2406b791fb27016d79
https://github.com/nodejs/node/commit/641f786bb1a1f6eb1ff8750782ed939780f2b31a
https://github.com/nodejs/node/commit/7ecac8143f0a91785ed0bd3b4d9aab5d98419b41
https://github.com/nodejs/node/commit/92d430917a63a567bb528100371263c46e50ee4a
https://github.com/nodejs/node/commit/4a30ac8c755d0701e773831ce22153b66bb36305
https://github.com/nodejs/node/commit/420244e4d9ca6de2612e7f503f5c87e448fbc14b
https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e
https://github.com/nodejs/node/commit/aa6b97fb99d7528649fadb4c6a894e078fe4323c
https://security.archlinux.org/CVE-2020-8265
https://security.archlinux.org/CVE-2020-8287
Workaround
None.