PT-2020-20060 · Node.Js+8 · Libuv+8

Published

2020-01-24

·

Updated

2026-05-18

·

CVE-2020-8252

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions libuv versions prior to 10.22.1 libuv versions prior to 12.18.4 libuv versions prior to 14.9.0
Description The issue arises from the incorrect determination of buffer size in the realpath implementation within libuv, which is used by Node.js. This can lead to a buffer overflow if the resolved path exceeds 256 bytes.
Recommendations For versions prior to 10.22.1, update to version 10.22.1 or later to resolve the issue. For versions prior to 12.18.4, update to version 12.18.4 or later to resolve the issue. For versions prior to 14.9.0, update to version 14.9.0 or later to resolve the issue.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALSA-2020:4272
ALSA-2021:0548
ALT-PU-2020-1090
ALT-PU-2020-2717
ALT-PU-2020-2926
ALT-PU-2022-3073
BIT-NODE-2020-8252
BIT-NODE-MIN-2020-8252
CESA-2020_4272
CESA-2021_0548
CLEANSTART-2026-BD71263
CLEANSTART-2026-IS74202
CLEANSTART-2026-JR35772
CLEANSTART-2026-JY06700
CLEANSTART-2026-KN34553
CLEANSTART-2026-KZ45320
CLEANSTART-2026-LJ44720
CLEANSTART-2026-LN12820
CLEANSTART-2026-TX00223
CLEANSTART-2026-WI75198
CVE-2020-8252
MGASA-2020-0372
MGASA-2020-0398
OPENSUSE-SU-2020:1616-1
OPENSUSE-SU-2020:1660-1
OPENSUSE-SU-2020_1616-1
OPENSUSE-SU-2020_1660-1
RHSA-2020:4272
RHSA-2020:4903
RHSA-2020:5086
RHSA-2020_4272
RHSA-2021:0521
RHSA-2021:0548
RHSA-2021_0548
RLSA-2020:4272
RLSA-2021:0548
SUSE-SU-2020:2812-1
SUSE-SU-2020:2813-1
SUSE-SU-2020:2823-1
SUSE-SU-2020:2829-1
USN-4548-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Libuv