DNS DoS sur NodeJS

DNS DoS sur NodeJS

Advisory ID	CVE Number	Date discovered	Severity	Advisory revision
STORM-2020-061	CVE-2020-8277	11/18/2020	low	v1

Vulnerability details

A vulnerability in the C-Ares composant of nodeJS allow an attacker to cause a DoS attack by asking for the resolution of a domain where the list of server is too big.

Impacted products

Products	Severity	Detail
Stormshield Management Center	low	Patched in the 2.8.1

Revisions

Version	Date	Description
v1	20/01/2021	Initial release
v2	21/01/2021	Correction of the excerpt section and CVE number
v3	28/01/2021	Review impacted version

Stormshield Management Center

CVSS v2 Overall Score: 1.3

Analysis	Impacted version
On SMC this can only happened when a user try to resolv an FQDN object.	SMC bellow 2.8.1

Workaround solution	Solution
There is no workaround solution.	The 2.8.1 update will fix this vulnerability.

Access vector	Access complexity	Authentication	Confidentiality impact	Integrity impact	Availability impact
Network	High	None	None	None	Partial

CVSS Base score: 2.6	CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P)

Exploitability	Remediation Level	Report Confidence
Unproven that exploit exists	Official fix	Unconfirmed

CVSS Temporal score: 1.7	CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:UC)

Collateral Damage Potential	Target Distribution
None	Medium [26-75%]

CVSS Environmental score: 1.3	CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:UC/CDP:N/TD:M/CR:ND/IR:ND/AR:ND)

RSS Feed Contact Report a vulnerability Legal terms STORMSHIELD Corporate website Personal Data