{"id":"CVE-2020-8277","details":"A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions \u003c 15.2.1, \u003c 14.15.1, and \u003c 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.","aliases":["BIT-node-2020-8277","BIT-node-min-2020-8277"],"modified":"2026-04-02T06:46:33.525056Z","published":"2020-11-19T01:15:12.763Z","related":["ALSA-2020:5499","ALSA-2021:0551","SUSE-SU-2020:3478-1","SUSE-SU-2020:3549-1","SUSE-SU-2021:0061-1","SUSE-SU-2021:0062-1","openSUSE-SU-2020:2045-1","openSUSE-SU-2020:2092-1","openSUSE-SU-2021:0064-1","openSUSE-SU-2021:0066-1","openSUSE-SU-2024:10668-1","openSUSE-SU-2024:11096-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEJBY3RJB3XWUOJFGZM5E3EMQ7MFM3UT/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EEIV4CH6KNVZK63Y6EKVN2XDW7IHSJBJ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VXLJY4764LYVJPC7NCDLE2UMQ3QC5OI2/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202012-11"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202101-07"},{"type":"REPORT","url":"https://hackerone.com/reports/1033107"},{"type":"FIX","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"type":"FIX","url":"https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/c-ares/c-ares","events":[{"introduced":"0"},{"fixed":"077a587dccbe2f0d8a1987fbd3525333705c2249"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.16.0"}]}},{"type":"GIT","repo":"https://github.com/graalvm/graalvm-ce-builds","events":[{"introduced":"0"},{"last_affected":"4b00c1f1d35186b8ac562522370ad3982124bd80"},{"introduced":"0"},{"last_affected":"fab0396eab86e8236899c69d3a56baad00e5af14"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"19.3.4"},{"introduced":"0"},{"last_affected":"20.3.0"}]}},{"type":"GIT","repo":"https://github.com/nodejs/node","events":[{"introduced":"63d1e08e64e7e09408eb63cd8dd7c65ad766f277"},{"fixed":"f95d7152cb9f56b3d6ca8e107a01c199b235c0df"},{"introduced":"c0486072d1af16444b269524f46c8d20891d28b0"},{"fixed":"948f5152d7e90451439cb8040fd15237decbc229"},{"introduced":"d683e3dda09b6b3cc6cad6fd2c106e3061a48f0d"},{"fixed":"1b0d17dd28e8fc9fa669020fe70bf81c3cd66a65"}],"database_specific":{"versions":[{"introduced":"12.16.3"},{"fixed":"12.19.1"},{"introduced":"14.13.0"},{"fixed":"14.15.1"},{"introduced":"15.0.0"},{"fixed":"15.2.1"}]}}],"versions":["c-ares-1_2_0","cares-1_10_0","cares-1_11_0","cares-1_11_0-rc1","cares-1_12_0","cares-1_13_0","cares-1_14_0","cares-1_15_0","cares-1_1_0","cares-1_2_1","cares-1_3_1","cares-1_3_2","cares-1_4_0","cares-1_5_0","cares-1_5_1","cares-1_5_2","cares-1_5_3","cares-1_6_0","cares-1_7_0","cares-1_7_1","cares-1_7_2","cares-1_7_3","cares-1_7_4","cares-1_7_5","cares-1_8_0","cares-1_9_0","cares-1_9_1","curl-7_10_8","curl-7_11_0","curl-7_11_1","curl-7_12_0","curl-7_12_1","curl-7_12_2","curl-7_13_0","curl-7_13_1","curl-7_13_2","curl-7_14_0","curl-7_14_1","curl-7_15_0","curl-7_15_1","curl-7_15_3","curl-7_15_4","curl-7_15_5","curl-7_15_6-prepipeline","curl-7_16_0","curl-7_16_1","curl-7_16_2","curl-7_16_3","curl-7_16_4","curl-7_17_0","curl-7_17_1","curl-7_18_0","curl-7_18_1","curl-7_18_2","curl-7_19_0","curl-7_19_2","curl-7_19_3","curl-7_19_4","curl-7_19_5","curl-7_19_6","curl-7_19_7","curl-7_20_0","v12.16.3","v12.17.0","v12.18.0","v12.18.1","v12.18.2","v12.18.3","v12.18.4","v12.19.0","v14.13.0","v14.13.1","v14.14.0","v14.15.0","v15.0.0","v15.0.1","v15.1.0","v15.2.0","vm-19.3.0","vm-19.3.0.2","vm-19.3.1","vm-19.3.2","vm-19.3.2-pre","vm-19.3.3","vm-19.3.4","vm-20.0.0","vm-20.0.1","vm-20.1.0","vm-20.2.0","vm-ce-21.2.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"fixed":"21.1.2"}]},{"events":[{"introduced":"0"},{"fixed":"9.2.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0.23"}]},{"events":[{"introduced":"0"},{"last_affected":"16.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"18.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"19.0.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8277.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}