Description
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().
Release | Status | Note |
---|---|---|
bionic | not-affected | code not present |
devel | released | 1.40.0-2 |
esm-apps/xenial | not-affected | code not present |
esm-infra-legacy/trusty | DNE | |
esm-infra/bionic | not-affected | code not present |
esm-infra/focal | not-affected | 1.34.2-1ubuntu1.3 |
focal | released | 1.34.2-1ubuntu1.3 |
groovy | released | 1.38.0-2ubuntu2.1 |
hirsute | released | 1.40.0-1ubuntu0.1 |
impish | released | 1.40.0-2 |
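The description above comes down to a decoder that advances a read pointer `p` without comparing it to the end pointer `pe`. The following is an added example, not libuv's code: a UTF-8 decoder that makes that comparison before every dereference. The names `decode_utf8` and `count_codepoints` are hypothetical.

```c
#include <stddef.h>

/* Hypothetical decoder, not libuv's code. The unchecked pattern the advisory
 * describes is a continuation-byte read such as `b = *(*p)++;` with no
 * comparison against pe: a lead byte at the end of the input then pulls
 * bytes from whatever lies after the buffer. */

/* Decode one UTF-8 code point from [*p, pe). Returns the code point and
 * advances *p, or returns -1 when the sequence is truncated or malformed.
 * Never dereferences at or past pe. */
static long decode_utf8(const unsigned char **p, const unsigned char *pe)
{
    unsigned char lead;
    long cp, min;
    int need;

    if (*p >= pe) return -1;            /* nothing left to read */
    lead = *(*p)++;
    if (lead < 0x80) return lead;       /* ASCII fast path */
    if ((lead & 0xE0) == 0xC0) { need = 1; cp = lead & 0x1F; min = 0x80; }
    else if ((lead & 0xF0) == 0xE0) { need = 2; cp = lead & 0x0F; min = 0x800; }
    else if ((lead & 0xF8) == 0xF0) { need = 3; cp = lead & 0x07; min = 0x10000; }
    else return -1;                     /* stray continuation or invalid lead */

    while (need-- > 0) {
        if (*p >= pe) return -1;        /* bounds check of the kind the advisory says was missing */
        if ((**p & 0xC0) != 0x80) return -1;   /* not a continuation byte */
        cp = (cp << 6) | (*(*p)++ & 0x3F);
    }
    /* Reject overlong encodings, surrogates and out-of-range values. */
    if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return -1;
    return cp;
}

/* Count code points in a length-delimited name; -1 if any sequence is bad. */
static long count_codepoints(const char *s, size_t len)
{
    const unsigned char *p = (const unsigned char *)s;
    const unsigned char *pe = p + len;
    long n = 0;

    while (p < pe) {
        if (decode_utf8(&p, pe) < 0) return -1;
        n++;
    }
    return n;
}
```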
CVSS2: 5 Medium
CVSS3: 5.3 Medium