CVE-2020-7689 - OpenCVE

Data is truncated wrong when its length is greater than 255 bytes.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Node.bcrypt.js Project	Node.bcrypt.js

Configuration 1 [-]

cpe:2.3:a:node.bcrypt.js_project:node.bcrypt.js:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/kelektiv/node.bcrypt.js/issues/776	Third Party Advisory
https://github.com/kelektiv/node.bcrypt.js/pull/806	Patch Third Party Advisory
https://github.com/kelektiv/node.bcrypt.js/pull/807	Patch Third Party Advisory
https://snyk.io/vuln/SNYK-JS-BCRYPT-572911	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2020-07-01T00:00:00

Updated: 2020-07-01T13:55:14

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7689

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-07-01T14:15:14.623

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-7689

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "bcrypt", "vendor": "n/a", "versions": [{"lessThan": "5.0.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "pool683"}], "datePublic": "2020-07-01T00:00:00", "descriptions": [{"lang": "en", "value": "Data is truncated wrong when its length is greater than 255 bytes."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Insecure Encryption", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-01T13:55:14", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-BCRYPT-572911"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kelektiv/node.bcrypt.js/issues/776"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kelektiv/node.bcrypt.js/pull/806"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kelektiv/node.bcrypt.js/pull/807"}], "title": "Insecure Encryption", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2020-07-01T13:50:21.568041Z", "ID": "CVE-2020-7689", "STATE": "PUBLIC", "TITLE": "Insecure Encryption"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "bcrypt", "version": {"version_data": [{"version_affected": "<", "version_value": "5.0.0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "pool683"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Data is truncated wrong when its length is greater than 255 bytes."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insecure Encryption"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-BCRYPT-572911", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-BCRYPT-572911"}, {"name": "https://github.com/kelektiv/node.bcrypt.js/issues/776", "refsource": "MISC", "url": "https://github.com/kelektiv/node.bcrypt.js/issues/776"}, {"name": "https://github.com/kelektiv/node.bcrypt.js/pull/806", "refsource": "MISC", "url": "https://github.com/kelektiv/node.bcrypt.js/pull/806"}, {"name": "https://github.com/kelektiv/node.bcrypt.js/pull/807", "refsource": "MISC", "url": "https://github.com/kelektiv/node.bcrypt.js/pull/807"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7689", "datePublished": "2020-07-01T00:00:00", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2020-07-01T13:55:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:node.bcrypt.js_project:node.bcrypt.js:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "965CB43E-B2C1-481A-B4F2-463E2BFEA05B", "versionEndExcluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Data is truncated wrong when its length is greater than 255 bytes."}, {"lang": "es", "value": "Los datos son truncados equivocadamente cuando su longitud es mayor que 255 bytes"}], "id": "CVE-2020-7689", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2020-07-01T14:15:14.623", "references": [{"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://github.com/kelektiv/node.bcrypt.js/issues/776"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kelektiv/node.bcrypt.js/pull/806"}, {"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kelektiv/node.bcrypt.js/pull/807"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-BCRYPT-572911"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}