Search CVE reports


Toggle filters

1 – 3 of 3 results


CVE-2024-24806

Medium priority
Fixed

libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256...

1 affected packages

libuv1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libuv1 Not affected Fixed Fixed Not affected Not affected
Show less packages

CVE-2021-22918

Medium priority
Fixed

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the...

1 affected packages

libuv1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libuv1 Fixed Fixed Not affected Not affected
Show less packages

CVE-2020-8252

Medium priority
Fixed

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.

1 affected packages

libuv1

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libuv1 Fixed Not affected Not affected
Show less packages