CVE-2021-22918
CVSS v3.1: 5.3 (Medium)
CVSS v2.0: 5 (Medium)
EPSS: 0.12 % (47th)
Affected Products: 2
Advisories: 34
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().
Weaknesses
- CWE-125: Out-of-bounds Read
CVE Status: PUBLISHED
CNA: HackerOne
Published Date: 2021-07-12 11:15:07 (3 years ago)
Updated Date: 2024-01-16 13:15:07 (8 months ago)