DoS via use-after-free in TLS (CVE-2020-8265)
| Advisory ID | CVE Number | Date discovered | Severity | Advisory revision |
|---|---|---|---|---|
| STORM-2020-060 | CVE-2020-8265 | 11/18/2020 | low | v1 |
Vulnerability details
On the impacted NodeJS version, there is a memory allocation issue that could allow a TLS connection to lead to a DoS attack.
Impacted products
| Products | Severity | Detail |
|---|---|---|
| Stormshield Management Center | low | Patched in the 2.8.1 |
Revisions
| Version | Date | Description |
|---|---|---|
| v1 | 20/01/2021 | Initial release |
| v2 | 21/01/2021 | Correction of the excerpt section and CVE number |
Stormshield Management Center |
CVSS v2 Overall Score: 2.1
|
Analysis |
Impacted version |
|
SMC GUI and appliance server are vulnerable |
|
Workaround solution |
Solution |
|
Do not use the FQDN object on unknown domain |
The 2.8.1 update will fix this vulnerability. |
| Access vector | Access complexity | Authentication | Confidentiality impact | Integrity impact | Availability impact |
|---|---|---|---|---|---|
| Local | High | Single | None | None | Complete |
| CVSS Base score: 3.8 | CVSS Vector: (AV:L/AC:H/Au:S/C:N/I:N/A:C) |
| Exploitability | Remediation Level | Report Confidence |
|---|---|---|
| Unproven that exploit exists | Workaround | Unconfirmed |
| CVSS Temporal score: 2.8 | CVSS Vector: (AV:L/AC:H/Au:S/C:N/I:N/A:C/E:U/RL:W/RC:UC) |
| Collateral Damage Potential | Target Distribution |
|---|---|
| None | Medium [26-75%] |
| CVSS Environmental score: 2.1 | CVSS Vector: (AV:L/AC:H/Au:S/C:N/I:N/A:C/E:U/RL:W/RC:UC/CDP:N/TD:M/CR:ND/IR:ND/AR:ND) |