VYPR

rpm package

opensuse/libuv&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libuv&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2024-24806Feb 7, 2024
    affected < 1.48.0-1.1fixed 1.48.0-1.1

    libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be ex

  • CVE-2021-22918Jul 12, 2021
    affected < 1.42.0-1.2fixed 1.42.0-1.2

    Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. Th