system/libuv: CVE-2020-8252: A buffer overflow in libuv might allow remote attacker(s) to execute arbitrary code.
This is quoted text, but the versions don't seem accurate. From Gentoo page:
Package | dev-libs/libuv on all architectures |
---|---|
Affected versions | < 1.39.0 |
Unaffected versions | >= 1.39.0 |
From CVE page:
Name | Description |
---|---|
CVE-2020-8252 | The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. |
- CONFIRM:https://security.netapp.com/advisory/ntap-20201009-0004/
- FEDORA:FEDORA-2020-43d5a372fc
- URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
- GENTOO:GLSA-202009-15
- URL:https://security.gentoo.org/glsa/202009-15
- MISC:https://hackerone.com/reports/965914
- URL:https://hackerone.com/reports/965914
- MISC:https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
- URL:https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/
- SUSE:openSUSE-SU-2020:1616
- URL:http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html
- SUSE:openSUSE-SU-2020:1660
- URL:http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html
- UBUNTU:USN-4548-1
- URL:https://usn.ubuntu.com/4548-1/
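
The failure mode in the CVE description (a destination buffer sized from a wrong estimate while the resolved path exceeds 256 bytes) is avoided by letting `realpath()` allocate its own result and checking the length before any copy. The sketch below is an added example, not code from libuv, Node.js or this report; `resolve_bounded` and `make_long_path` are hypothetical names, and the long path is constructed sample input.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper (not libuv's API): resolve `path` into a caller
 * buffer of `outsz` bytes. Returns the resolved length, or -1 with errno. */
long resolve_bounded(const char *path, char *out, size_t outsz)
{
    /* POSIX.1-2008: a NULL second argument makes realpath() allocate a
     * buffer of the right size, so no length estimate is involved. */
    char *resolved = realpath(path, NULL);
    if (resolved == NULL)
        return -1;
    size_t len = strlen(resolved);
    if (len + 1 > outsz) {      /* does not fit: refuse, never truncate */
        free(resolved);
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(out, resolved, len + 1);
    free(resolved);
    return (long)len;
}

/* Constructed sample input: create three nested 100-character directories
 * under a fresh temp dir, so the resolved path is longer than 256 bytes.
 * Writes the path to `buf` and returns its length, or -1 on failure. */
int make_long_path(char *buf, size_t bufsz)
{
    char tmpl[] = "/tmp/rpdemoXXXXXX";
    char seg[101];
    if (bufsz < 512 || mkdtemp(tmpl) == NULL)
        return -1;
    memset(seg, 'a', 100);
    seg[100] = '\0';
    int n = snprintf(buf, bufsz, "%s", tmpl);
    for (int i = 0; i < 3; i++) {
        n += snprintf(buf + n, bufsz - (size_t)n, "/%s", seg);
        if (mkdir(buf, 0700) != 0)
            return -1;
    }
    return n;
}
```

A 256-byte destination is rejected with `ENAMETOOLONG` for such a path, while a larger buffer receives the full resolved name.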