0.001 Low
EPSS
Percentile
46.7%
Node.js is vulnerable to an out-of-bounds read. The libuv's uv__idna_toascii() function which converts strings to ASCII is called by Nodeโs dns moduleโs lookup() function and can lead to information disclosures or crashes.
libuv's uv__idna_toascii()
lookup()
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
hackerone.com/reports/1209681
nodejs.org/en/blog/vulnerability/july-2021-security-releases/
security-tracker.debian.org/tracker/CVE-2021-22918
security.netapp.com/advisory/ntap-20210805-0003/