The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
2020-09-18T21:15:13.497
2024-11-21T05:38:35.650
Modified
CVSSv3.1: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:P/I:P/A:P
3.9
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | nodejs | node.js | < 10.22.1 | Yes |
Application | nodejs | node.js | < 12.18.4 | Yes |
Application | nodejs | node.js | < 14.9.0 | Yes |
Operating System | opensuse | leap | 15.2 | Yes |
Operating System | fedoraproject | fedora | 33 | Yes |