Denial of Service through DNS request Discovered in Node JS (CVE-2020-8277)

The Backend Engineering Show with Hussein Nasser

Episode | Podcast

Date: Tue, 17 Nov 2020 15:50:23 GMT

<p>A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of service by getting the application to resolve a DNS record with a larger number of responses. (CVE-2020-8277) &nbsp;I discuss this attack in this video and whether you should fix it. &nbsp;Impacts: * Versions 12.16.3 and higher on the 12.x release line * Versions 14.13.0 and higher on the 14.x release line * All versions of the 15.x release line &nbsp;&nbsp;Resources https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#:~:text=Denial%20of%20Service%20through%20DNS,a%20larger%20number%20of%20responses. Code Fix &nbsp;https://github.com/nodejs/node/commit/022899e1d5</p>