
21 matches found

SUSE CVE
added 2026/05/28 3:58 a.m. · 13 views

SUSE CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

CVSS 7.4 · AI score 5.8 · EPSS 0.00344
Exploits: 0 · References: 20
Snyk
added 2026/05/22 5:42 p.m. · 6 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...

CVSS 9.6 · AI score 5.6 · EPSS 0.00344
Exploits: 0 · References: 2
CNNVD
added 2026/05/22 12:0 a.m. · 10 views

Google Go security vulnerability

Google Go is a statically and strongly typed, compiled, concurrent programming language with garbage collection, from the American company Google. There is a security vulnerability in Google Go, which stems from the ToASCII and ToUnicode functions accepting Punycode-encoded labels that are decoded...

CVSS 9.6 · AI score 5.8 · EPSS 0.00344
Exploits: 0 · References: 5
OSV
added 2025/11/05 5:31 p.m. · 6 views

CLSA-2025-1762363908 libuv: Fix of CVE-2024-24806

CVE-2024-24806: fix issue where the uv_getaddrinfo function truncates hostnames, potentially allowing crafted payloads to resolve to unintended IP addresses, by handling the hostname_ascii variable properly in the uv_getaddrinfo and uv__idna_toascii functions...

CVSS 7.3 · AI score 6.8 · EPSS 0.02003
Exploits: 1 · References: 1
RedHat Linux
added 2024/07/23 4:39 p.m. · 3 views

libuv: Improper Domain Lookup that potentially leads to SSRF attacks

A server-side request forgery (SSRF) flaw was found in the libuv package due to how the hostname_ascii variable is handled in uv_getaddrinfo and uv__idna_toascii. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access...

CVSS 7.3 · AI score 7.2 · EPSS 0.02003
Exploits: 1 · References: 6
SUSE CVE
added 2023/02/15 3:45 a.m. · 1 views

SUSE CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

CVSS 5.3 · AI score 7.8 · EPSS 0.23132
Exploits: 1 · References: 15
OSV
added 2022/09/23 11:4 a.m. · 2 views

OESA-2022-1933 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

CVSS 5.3 · AI score 6.6 · EPSS 0.23132
Exploits: 1 · References: 2
RedHat Linux
added 2021/09/22 9:6 a.m. · 4 views

libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes

A flaw has been found in libuv. Node.js is vulnerable to an out-of-bounds read in libuv's uv__idna_toascii() function, which is used to convert strings to ASCII and is called by the lookup function of Node's DNS module; this can lead to information disclosures or crashes. The highest threat from this...

CVSS 5.3 · AI score 7.2 · EPSS 0.23132
Exploits: 1 · References: 5
RedHat Linux
added 2021/09/22 8:55 a.m. · 1 views

libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes

A flaw has been found in libuv. Node.js is vulnerable to an out-of-bounds read in libuv's uv__idna_toascii() function, which is used to convert strings to ASCII and is called by the lookup function of Node's DNS module; this can lead to information disclosures or crashes. The highest threat from this...

CVSS 5.3 · AI score 7.2 · EPSS 0.23132
Exploits: 1 · References: 5
BDU FSTEC
added 2021/08/25 12:0 a.m. · 4 views

The vulnerability of the uv__idna_toascii() function on the Node.js software platform, which allows a malicious actor to gain unauthorized access to protected information or cause service failure.

The vulnerability of the uv__idna_toascii() function on the Node.js platform is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information or cause service failures...

CVSS 6.5 · AI score 6.8 · EPSS 0.23132
Exploits: 1 · References: 10 · Affected Software: 7
RedHat Linux
added 2021/08/10 4:37 p.m. · 3 views

libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes

A flaw has been found in libuv. Node.js is vulnerable to an out-of-bounds read in libuv's uv__idna_toascii() function, which is used to convert strings to ASCII and is called by the lookup function of Node's DNS module; this can lead to information disclosures or crashes. The highest threat from this...

CVSS 5.3 · AI score 7.2 · EPSS 0.23132
Exploits: 1 · References: 5
RedHat Linux
added 2021/08/10 4:35 p.m. · 2 views

libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes

A flaw has been found in libuv. Node.js is vulnerable to an out-of-bounds read in libuv's uv__idna_toascii() function, which is used to convert strings to ASCII and is called by the lookup function of Node's DNS module; this can lead to information disclosures or crashes. The highest threat from this...

CVSS 5.3 · AI score 7.2 · EPSS 0.23132
Exploits: 1 · References: 5
RedHat Linux
added 2021/07/28 8:38 a.m. · 4 views

libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes

A flaw has been found in libuv. Node.js is vulnerable to an out-of-bounds read in libuv's uv__idna_toascii() function, which is used to convert strings to ASCII and is called by the lookup function of Node's DNS module; this can lead to information disclosures or crashes. The highest threat from this...

CVSS 5.3 · AI score 7.2 · EPSS 0.23132
Exploits: 1 · References: 5
RedHat Linux
added 2021/07/28 8:36 a.m. · 3 views

libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes

A flaw has been found in libuv. Node.js is vulnerable to an out-of-bounds read in libuv's uv__idna_toascii() function, which is used to convert strings to ASCII and is called by the lookup function of Node's DNS module; this can lead to information disclosures or crashes. The highest threat from this...

CVSS 5.3 · AI score 7.2 · EPSS 0.23132
Exploits: 1 · References: 5
Microsoft CVE
added 2021/07/16 7:0 a.m. · 2 views

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().

...

CVSS 5.3 · AI score 7.3 · EPSS 0.23132
Exploits: 1
OSV
added 2021/07/12 11:15 a.m. · 2 views

ALPINE-CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

CVSS 5.3 · AI score 6.7 · EPSS 0.23132
Exploits: 1 · References: 1
OSV
added 2021/07/12 11:15 a.m. · 2 views

DEBIAN-CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

CVSS 5.3 · AI score 6.5 · EPSS 0.23132
Exploits: 1 · References: 1
OSV
added 2021/07/02 12:0 a.m. · 2 views

UBUNTU-CVE-2021-22918

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to...

CVSS 5.3 · AI score 6.8 · EPSS 0.23132
Exploits: 1 · References: 4
Positive Technologies
added 2021/05/26 12:0 a.m. · 9 views

PT-2021-3596 · Node.js +9

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 16.4.1; Node.js versions prior to 14.17.2; Node.js versions prior to 12.22.2. Description: The issue is related to an out-of-bounds read in the uv__idna_toascii function of the Node.js platform, which can be triggered vi...

CVSS 9.8 · AI score 6.7 · EPSS 0.77385
Exploits: 32 · References: 274
OSV
added 2018/05/09 8:29 p.m. · 1 views

CVE-2018-2417

Under certain conditions, the SAP Identity Management 8.0 pass of type ToASCII allows an attacker to access information which would otherwise be restricted...

CVSS 5.3 · AI score 5.8 · EPSS 0.01355
Exploits: 0 · References: 3