CVE-2020-8252

CVE-2020-8252: Node.js uses libuv realpath.native with incorrect bounds checking, causing a buffer overflow when the resolved path exceeds 256 bytes. Affected libuv implementations are <10.22.1, <12.18.4, and

CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

CVE-2020-8252

The implementation of realpath in libuv 10.22.1, 12.18.4, and 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes...

CVE-2020-8252

A flaw has been found in libuv. The realpath implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Node.js -- September 2020 Security Releases

Node.js reports: Updates are now available for v10,x, v12.x and v14.x Node.js release lines for the following issues. HTTP Request Smuggling due to CR-to-Hyphen conversion High CVE-2020-8201 Affected Node.js versions converted carriage returns in HTTP request headers to a hyphen before parsing...

Node.js: `fs.realpath.native` on darwin may cause buffer overflow

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: The libuv's implementation of...

exiv2: buffer overflow in samples/geotag.cpp

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms other than Apple platforms where glibc is not used, possibly leading to a buffer overflow...

PT-2020-20060 · Node.Js +8 · Libuv +8

Name of the Vulnerable Software and Affected Versions: libuv versions prior to 10.22.1 libuv versions prior to 12.18.4 libuv versions prior to 14.9.0 Description: The issue arises from the incorrect determination of buffer size in the realpath implementation within libuv, which is used by Node.js...

openSUSE: Security Advisory for samba (openSUSE-SU-2019:1755-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Arbitrary Code Execution

GNU C Library is vulnerable to arbitrary code execution attacks. This occurs in the stdlib/canonicalize.c when processing very long pathname arguments to the realpath function which may encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and potentially...

openSUSE Security Update : glibc (openSUSE-2019-539)

This update for glibc fixes the following security issues : - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the...

EulerOS Virtualization 2.5.2 : glibc (EulerOS-SA-2019-1086)

According to the version of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the...

EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-1024)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath...

Medium: glibc

Issue Overview: A buffer overflow has been discovered in the GNU C Library aka glibc or libc6 in the mempcpyavx512novzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.CVE-2018-11237 elf/dl-load....

glibc security, bug fix, and enhancement update

2.17-260.0.9 - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi 2.17-260.0.7 - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty 2.17-260.0.5 - Fix dbl-64/wordsize-64...

glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow

stdlib/canonicalize.c in the GNU C Library aka glibc or libc6 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution...

EulerOS Virtualization 2.5.0 : glibc (EulerOS-SA-2018-1239)

According to the version of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In glibc 2.26 and earlier there is confusion in the usage of getcwd by realpath which can be used to write before the destination...

LibreOffice Denial of Service Vulnerability (CNVD-2018-17516)

LibreOffice is a free and open source office software suite developed by The Document Foundation TDF. The suite consists of Writer text documents, Calc spreadsheets and Impress presentations and other applications. A security vulnerability exists in LibreOffice 6.0.5 and earlier versions, which...

Buffer overflow

The getapppath function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impac...