PT-2021-3596 · Node.Js+9 · Node.Js+9
Ericsesterhenn
·
Published
2021-05-26
·
Updated
2024-12-16
·
CVE-2021-22918
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Node.js versions prior to 16.4.1
Node.js versions prior to 14.17.2
Node.js versions prior to 12.22.2
Description
The issue is related to an out-of-bounds read in the uv idna toascii() function of the Node.js platform, which can be triggered via uv getaddrinfo(). This can lead to information disclosures or crashes, potentially allowing a remote attacker to gain unauthorized access to protected information or cause a denial of service.
Recommendations
For versions prior to 16.4.1, update to version 16.4.1 or later.
For versions prior to 14.17.2, update to version 14.17.2 or later.
For versions prior to 12.22.2, update to version 12.22.2 or later.
As a temporary workaround, consider restricting the use of the uv idna toascii() function until a patch is available.
Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Node.Js
Red Hat
Rocky Linux
Suse
Ubuntu