[GLSA-202401-23] libuv: Buffer Overread

Severity: Low
Affected Packages: 1
Unaffected Packages: 1
CVEs: 1

A buffer overread vulnerability has been found in libuv.

Background
libuv is a multi-platform support library with a focus on asynchronous I/O.

Description
libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uv__idna_toascii() function before reading and manipulating the memory at that address.
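The defect class described above is a pointer that advances through a buffer without first being compared against the buffer's end. The following is an added illustration of the defensive pattern, not libuv code and not the patched uv__idna_toascii(): the function name count_labels, its return convention and the sample inputs are constructed for this example. Every dereference is preceded by a check that the pointer is still inside [s, s+len), so a buffer that is not NUL-terminated, or a length shorter than the apparent string, cannot cause a read past the end.

```c
/* Added example (not libuv code): a bounds-checked walk over the
 * dot-separated labels of a hostname held in [s, s+len). */
#include <stddef.h>
#include <stdio.h>

/* Count the labels in a hostname. The buffer need not be NUL-terminated;
 * `len` is the only thing that bounds the walk. Returns the label count,
 * or -1 for an empty label (leading or doubled dot, or a lone ".") or an
 * over-long label (> 63 octets). A single trailing dot (root label) is
 * accepted. */
int count_labels(const char *s, size_t len) {
    const char *p = s;
    const char *end = s + len;
    int labels = 0;

    if (len == 0)
        return -1;

    while (p < end) {
        const char *label_start = p;

        /* The `p < end` test comes first, so *p is never evaluated once p
         * has reached the end of the buffer: this is the check whose
         * absence produces an overread. */
        while (p < end && *p != '.')
            p++;

        size_t label_len = (size_t)(p - label_start);
        if (label_len == 0 || label_len > 63)
            return -1;
        labels++;

        if (p < end) {
            p++;            /* skip the dot, still inside the buffer */
            if (p == end)   /* trailing dot: treat as the root label */
                break;
        }
    }
    return labels;
}

int main(void) {
    /* Constructed input: 11 bytes with no terminating NUL, to show that
     * the walk depends on the explicit length, not on finding a NUL. */
    const char raw[11] = {'e','x','a','m','p','l','e','.','c','o','m'};

    printf("%d\n", count_labels(raw, sizeof raw));     /* 2 */
    printf("%d\n", count_labels("a..b", 4));            /* -1: empty label */
    printf("%d\n", count_labels("example.com", 3));     /* 1: only "exa" is in bounds */
    return 0;
}
```

The third call shows the property that matters for this advisory: when the caller passes a length shorter than the data actually present, the function only ever looks at the bytes it was told about.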

Impact
The overread can result in information disclosure or application crash.

Workaround
There is no known workaround at this time.

Resolution
All libuv users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libuv-1.41.1"

Affected packages
Package: dev-libs/libuv (pkg:ebuild/dev-libs/libuv?distro=gentoo), distribution: gentoo
Affected version: < 1.41.1
Unaffected version: >= 1.41.1

References
CVE-2021-22918: https://nvd.nist.gov/vuln/detail/CVE-2021-22918
Gentoo Bugzilla #800986: https://bugs.gentoo.org/show_bug.cgi?id=800986