Ericsesterhenn

**Name of the Vulnerable Software and Affected Versions** Node.js versions prior to 16.4.1 Node.js versions prior to 14.17.2 Node.js versions prior to 12.22.2 **Description** The issue is related to an out-of-bounds read in the uv idna toascii() function of the Node.js platform, which can be triggered via uv getaddrinfo(). This can lead to information disclosures or crashes, potentially allowing a remote attacker to gain unauthorized access to protected information or cause a denial of service. **Recommendations** For versions prior to 16.4.1, update to version 16.4.1 or later. For versions prior to 14.17.2, update to version 14.17.2 or later. For versions prior to 12.22.2, update to version 12.22.2 or later. As a temporary workaround, consider restricting the use of the uv idna toascii() function until a patch is available.