Описание
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libuv1 | fixed | 1.39.0-1 | package | |
| libuv1 | not-affected | stretch | package |
Примечания
https://hackerone.com/reports/965914
https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
Debian's version of nodejs uses the shared system library of libuv1 instead
of the bundled one.
https://github.com/libuv/libuv/issues/2965
Introduced by: https://github.com/libuv/libuv/commit/b56d279b172fbe78dee2fb1d29cae9c9c5c6d1c4 (v1.24.0)
Fixed by: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd (v1.39.0)
Broken path in uv__fs_realpath() only taken when libuv1 build in
pre-POSIX.2008 mode (defined(_POSIX_VERSION) && _POSIX_VERSION < 200809L).
EPSS
Связанные уязвимости
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
EPSS