rpm package
almalinux/libuv-devel
pkg:rpm/almalinux/libuv-devel
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-24806 | — | < 1:1.41.1-2.el8_10 | 1:1.41.1-2.el8_10 | Feb 7, 2024 | libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be ex | ||
| CVE-2021-22918 | — | < 1:1.41.1-1.el8_4 | 1:1.41.1-1.el8_4 | Jul 12, 2021 | Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. Th |
- CVE-2024-24806Feb 7, 2024affected < 1:1.41.1-2.el8_10fixed 1:1.41.1-2.el8_10
libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be ex
- CVE-2021-22918Jul 12, 2021affected < 1:1.41.1-1.el8_4fixed 1:1.41.1-1.el8_4
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. Th