[GLSA-202401-23] libuv: Buffer Overread
Severity
Low
A buffer overread vulnerability has been found in libuv.
Background
libuv is a multi-platform support library with a focus on asynchronous I/O.
Description
libuv fails to ensure that a pointer lies within the bounds of a defined buffer in the uv__idna_toascii() function before reading and manipulating the memory at that address.
Impact
The overread can result in information disclosure or application crash.
Workaround
There is no known workaround at this time.
Resolution
All libuv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libuv-1.41.1"
Package | Affected Version |
---|---|
pkg:ebuild/dev-libs/libuv?distro=gentoo | < 1.41.1 |
Package | Unaffected Version |
---|---|
pkg:ebuild/dev-libs/libuv?distro=gentoo | >= 1.41.1 |
- ID: GLSA-202401-23
- Severity: low
- URL: https://security.gentoo.org/glsa/202401-23
- Published: 2024-01-16T00:00:00
- Modified: 2024-01-16T00:00:00
- Rights: Gentoo Foundation, Inc.
- Other Advisories:
- ALAS2-2024-2410
- ALPINE:CVE-2021-22918
- ALSA-2021:3073
- ALSA-2021:3074
- ALSA-2021:3075
- ASA-202107-13
- ASA-202107-36
- DSA-4936-1
- ELSA-2021-3073
- ELSA-2021-3074
- ELSA-2021-3075
- FREEBSD:C174118E-1B11-11EC-9D9D-0022489AD614
- GLSA-202405-29
- MS:CVE-2021-22918
- openSUSE-SU-2021:1059-1
- openSUSE-SU-2021:1060-1
- openSUSE-SU-2021:1061-1
- openSUSE-SU-2021:2327-1
- openSUSE-SU-2021:2353-1
- openSUSE-SU-2021:2354-1
- RHSA-2021:3073
- RHSA-2021:3074
- RHSA-2021:3075
- RLSA-2021:3073
- RLSA-2021:3074
- RLSA-2021:3075
- SUSE-SU-2021:2319-1
- SUSE-SU-2021:2323-1
- SUSE-SU-2021:2326-1
- SUSE-SU-2021:2327-1
- SUSE-SU-2021:2353-1
- SUSE-SU-2021:2354-1
- USN-5007-1
Source | ID | Name | URL |
---|---|---|---|
CVE | CVE-2021-22918 | CVE-2021-22918 | https://nvd.nist.gov/vuln/detail/CVE-2021-22918 |
Bugzilla | 800986 | Bugzilla #800986 | https://bugs.gentoo.org/show_bug.cgi?id=800986 |