Lucene search
HackeroneCVELIST:CVE-2021-22918HistoryJul 12, 2021 - 12:00 a.m.
CVE-2021-22918
2021-07-1200:00:00
CWE-125
hackerone
www.cve.org
7
node.js
vulnerability
out-of-bounds read
uv__idna_toascii()
information disclosure
crashes
uv_getaddrinfo
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().
CNA Affected
[
{
"vendor": "n/a",
"product": "https://github.com/nodejs/node",
"versions": [
{
"version": "Fixed in 16.4.1, 14.17.2, and 12.22.2",
"status": "affected"
}
]
}
]Related
rocky
rocky
libuv security update
2021-08-10 12:00:55
nodejs:12 security, bug fix, and enhancement update
2021-08-10 12:00:47
nodejs:14 security, bug fix, and enhancement update
2021-08-10 12:00:51
photon
photon
Important Photon OS Security Update - PHSA-2021-0074
2021-08-02 00:00:00
Moderate Photon OS Security Update - PHSA-2021-4.0-0074
2021-08-02 00:00:00
nessus
nessus
GLSA-202401-23 : libuv: Buffer Overread
2024-01-16 00:00:00
Rocky Linux 8 : libuv (RLSA-2021:3075)
2023-11-07 00:00:00
Debian DSA-4936-1 : libuv1 - security update
2021-07-06 00:00:00
ibm
ibm
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0360)
2022-01-28 00:00:00
Node.js 12.x < 12.22.2, 14.x < 14.17.2, 16.x < 16.4.1 DoS Vulnerability - Mac OS X
2021-07-14 00:00:00
Debian: Security Advisory (DSA-4936-1)
2021-07-07 00:00:00
amazon
amazon
Low: libuv
2024-01-03 21:04:00
oraclelinux
oraclelinux
libuv security update
2021-08-11 00:00:00
nodejs:12 security, bug fix, and enhancement update
2021-08-12 00:00:00
nodejs:14 security, bug fix, and enhancement update
2021-08-12 00:00:00
osv
osv
libuv-devel-1.42.0-1.2 on GA media
2024-06-15 00:00:00
CVE-2021-22918
2021-07-12 11:15:07
Low: libuv security update
2021-08-10 12:00:55
nvd
nvd
CVE-2021-22918
2021-07-12 11:15:07
almalinux
almalinux
Low: libuv security update
2021-08-10 12:00:55
Moderate: nodejs:12 security, bug fix, and enhancement update
2021-08-10 12:00:47
Moderate: nodejs:14 security, bug fix, and enhancement update
2021-08-10 12:00:51
altlinux
altlinux
Security fix for the ALT Linux 9 package node version 14.17.2-alt1
2021-08-03 00:00:00
Security fix for the ALT Linux 10 package node version 14.17.2-alt1
2021-07-01 00:00:00
redhat
redhat
(RHSA-2021:3075) Low: libuv security update
2021-08-10 12:00:55
mageia
mageia
Updated libuv packages fix security vulnerability
2021-07-20 13:46:47
debiancve
debiancve
CVE-2021-22918
2021-07-12 11:15:07
hackerone
hackerone
Node.js: OOB read in libuv
2021-05-26 06:22:37
prion
prion
Out-of-bounds
2021-07-12 11:15:00
redhatcve
redhatcve
CVE-2021-22918
2021-07-06 15:17:41
archlinux
archlinux
[ASA-202107-36] libuv: information disclosure
2021-07-20 00:00:00
[ASA-202107-33] nodejs-lts-erbium: multiple issues
2021-07-20 00:00:00
[ASA-202107-32] nodejs-lts-fermium: multiple issues
2021-07-20 00:00:00
ubuntucve
ubuntucve
CVE-2021-22918
2021-07-02 00:00:00
ubuntu
ubuntu
libuv vulnerability
2021-07-07 00:00:00
debian
debian
[SECURITY] [DSA 4936-1] libuv1 security update
2021-07-05 18:35:15
alpinelinux
alpinelinux
CVE-2021-22918
2021-07-12 11:15:07
cve
cve
CVE-2021-22918
2021-07-12 11:15:07
gentoo
gentoo
libuv: Buffer Overread
2024-01-16 00:00:00
Node.js: Multiple Vulnerabilities
2024-05-08 00:00:00
veracode
veracode
Information Disclosure
2021-07-10 13:46:13
cbl_mariner
cbl_mariner
CVE-2021-22918 affecting package nodejs 14.17.0-1
2021-08-11 06:39:34
freebsd
freebsd
Node.js -- July 2021 Security Releases
2021-07-01 00:00:00
suse
suse
Security update for nodejs14 (important)
2021-07-20 00:00:00
Security update for nodejs14 (important)
2021-07-15 00:00:00
Security update for nodejs10 (important)
2021-07-15 00:00:00
nodejsblog
nodejsblog
July 2021 Security Releases
2021-07-01 00:00:00
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00