VDB
CVE-2020-8244
CVE-2020-8244
PUBLISHED
A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls.
EPSS 1.14% · 78.8th percentile
Risk Scores
EPSS Score
1.14%
78.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | node-bl | 0, 1.1.2-1ubuntu1, 1.1.2-1 |
| Ubuntu:Pro:16.04:LTS | node-bl | 0, 0.9.3-1 |
| Ubuntu:20.04:LTS | node-bl | 1.1.2-3, 0, 4.0.0-2 |
Exploit Intelligence
- Security analysis - CVE-2020-8244 (github-poc-repo)
- Security analysis - CVE-2020-8244 (github-poc-repo)
- Security analysis - CVE-2020-8244 (github-poc-repo)
- Security analysis - CVE-2020-8244 (github-poc-repo)
- Security analysis - CVE-2020-8244 (github-poc-repo)
- Security analysis - CVE-2020-8244 (github-poc-repo)
- Security analysis - CVE-2020-8244 (github-poc-repo)
- Security analysis - CVE-2020-8244 (github-poc-repo)
- Security analysis - CVE-2020-8244 (github-poc-repo)
- Security analysis - CVE-2020-8244 (github-poc-repo)
…and 14 more exploits
Timeline
- CVE Published
- Aug 27, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-8244 third-party-advisory
- https://hackerone.com/reports/966347 third-party-advisory
- https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190 third-party-advisory
- https://ubuntu.com/security/notices/USN-5098-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5159-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-8244 third-party-advisory