DNS DoS sur NodeJS

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2020-061 CVE-2020-8277 11/18/2020 low v1

Vulnerability details

A vulnerability in the C-Ares composant of nodeJS allow an attacker to cause a DoS attack by asking for the resolution of a domain where the list of server is too big.

Impacted products

ProductsSeverityDetail
Stormshield Management Center low Patched in the 2.8.1

Revisions

Version Date Description
v1  20/01/2021 Initial release
v2 21/01/2021 Correction of the excerpt section and CVE number
v3 28/01/2021 Review impacted version

 



Stormshield Management Center

CVSS v2 Overall Score: 1.3      

Analysis

Impacted version

On SMC this can only happened when a user try to resolv an FQDN object.

  • SMC bellow 2.8.1

Workaround solution

Solution

There is no workaround solution.

The 2.8.1 update will fix this vulnerability.



Access vector Access complexity Authentication Confidentiality impact Integrity impact Availability impact
Network High None None None Partial
CVSS Base score: 2.6 CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Remediation Level Report Confidence
Unproven that exploit exists Official fix Unconfirmed
CVSS Temporal score: 1.7 CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:UC)
Collateral Damage Potential Target Distribution
None Medium [26-75%]
CVSS Environmental score: 1.3 CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:UC/CDP:N/TD:M/CR:ND/IR:ND/AR:ND)