nodejs-current: Multiple vulnerabilities (CVE-2020-8172, CVE-2020-8174, CVE-2020-11080)
ID: oval:org.secpod.oval:def:1801859 | Date: (C)2021-03-15 (M)2024-01-29 |
Class: PATCH | Family: unix |
Calling napi_get_value_string_latin1, napi_get_value_string_utf8, or napi_get_value_string_utf16 with a non-NULL buf, and a bufsize of 0 will cause the entire string value to be written to buf, probably overrunning the length of the buffer.
Receiving unreasonably large HTTP/2 SETTINGS frames can consume 100% CPU to process all the settings, blocking all other activities until complete. The HTTP/2 session frame is limited to 32 settings by default. This can be configured if necessary using the maxSettings option.
Platform: |
Alpine Linux 3.12 |
Alpine Linux 3.13 |