CVEs-PoC/2020/CVE-2020-8265.md

### [CVE-2020-8265](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8265)
![](https://img.shields.io/static/v1?label=Product&message=https%3A%2F%2Fgithub.com%2Fnodejs%2Fnode&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free%20(CWE-416)&color=brighgreen)

### Description

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpujan2021.html

#### Github
No PoCs found on GitHub currently.