41 matches found
Astra Linux - уязвимость в libuv1
libuv is a multi-platform support library that focuses on asynchronous I/O operations. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its Windows counterpart src/win/getaddrinfo.c truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to generat...
CVE-2026-44659
Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain eTLD+1. As a result, an attacker can craft extremely long malicious...
squid34: Fix of 12 CVEs
CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...
CLSA-2026-1777539404 squid34: Fix of 12 CVEs
CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing - CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions - CVE-2018-19131: escape certificate field injection via %D in ERRSECURECONNECTFAIL page - CVE-2018-19132: fix memory...
CLSA-2025-1762363908 libuv: Fix of CVE-2024-24806
CVE-2024-24806: fix issue where uvgetaddrinfo function truncates hostnames, potentially allowing crafted payloads to resolve to unintended IP addresses, by handling hostnameascii variable properly in uvgetaddrinfo and uvidnatoascii functions...
EUVD-2010-2907
Malware in sbrugna...
EUVD-2024-22182
Malicious code in bioql PyPI...
K000152876: libuv vulnerability CVE-2024-24806
Security Advisory Description libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be...
F5 Networks BIG-IP : libuv vulnerability (K000152876)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000152876 advisory. libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in...
NewStart CGSL MAIN 7.02 : libuv Vulnerability (NS-SA-2025-0112)
The remote NewStart CGSL host, running version MAIN 7.02, has libuv packages installed that are affected by a vulnerability: - libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart...
TencentOS Server 3: libuv (TSSA-2024:0314)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0314 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
TencentOS Server 4: libuv (TSSA-2024:0609)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0609 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Alibaba Cloud Linux 3 : 0185: libuv (ALINUX3-SA-2024:0185)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0185 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-24806: libuv is a multi-platform support...
Linux Distros Unpatched Vulnerability : CVE-2024-24806
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart...
libuv: Hostname Truncation
Background libuv is a multi-platform support library with a focus on asynchronous I/O. Description Multiple vulnerabilities have been discovered in libuv. Please review the CVE identifiers referenced below for details. Impact The uvgetaddrinfo function in src/unix/getaddrinfo.c truncates hostname...
GLSA-202501-05 : libuv: Hostname Truncation
The remote host is affected by the vulnerability described in GLSA-202501-05 libuv: Hostname Truncation Multiple vulnerabilities have been discovered in libuv. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from the...
libuv: Improper Domain Lookup that potentially leads to SSRF attacks
A server-side request forgery SSRF flaw was found in the libuv package due to how the hostnameascii variable is handled in uvgetaddrinfo and uvidnatoascii. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access...
EulerOS 2.0 SP10 : libuv (EulerOS-SA-2024-1594)
According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows...
MGASA-2024-0079 Updated libuv packages fix security vulnerability
It was discovered that the uvgetaddrinfo function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks. CVE-2024-24806...
Medium: libuv
Issue Overview: libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows counterpart src/win/getaddrinfo.c, truncates hostnames to 256 characters before calling getaddrinfo. This behavior can be exploited to...