What is CVE-2020-8277?

CVE-2020-8277 is a vulnerability in Nodejs Node, classified under Uncontrolled Resource Consumption. Published 2020-11-19.

Is CVE-2020-8277 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Resource exhaustion in Nodejs Node

CVE-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a la…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.589 (98.3th percentile) — read the EPSS interpretation.

Affected products

Nodejs Node — versions 4.0, 5.0, 6.0

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

Public proof-of-concept exploits

References

hackerone.com/reports/1033107 (x_refsource_MISC)
nodejs.org/en/blog/vulnerability/november-2020-security-releases/ (x_refsource_CONFIRM)
FEDORA-2020-7473744de1 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-307e873389 (vendor-advisory, x_refsource_FEDORA)
GLSA-202012-11 (vendor-advisory, x_refsource_GENTOO)
GLSA-202101-07 (vendor-advisory, x_refsource_GENTOO)
www.oracle.com/security-alerts/cpujan2021.html (x_refsource_MISC)
FEDORA-2021-afed2b904e (vendor-advisory, x_refsource_FEDORA)
FEDORA-2021-ee913722db (vendor-advisory, x_refsource_FEDORA)
www.oracle.com/security-alerts/cpuApr2021.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-8277?: CVE-2020-8277 is a vulnerability in Nodejs Node, classified under Uncontrolled Resource Consumption. Published 2020-11-19.
Is CVE-2020-8277 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.