GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Tue Sep 29, 2020 8:26 pm Post subject: [ GLSA 202009-15 ] libuv |
 |
|
Gentoo Linux Security Advisory
Title: libuv: Buffer overflow (GLSA 202009-15)
Severity: normal
Exploitable: remote
Date: 2020-09-29
Bug(s): #742890
ID: 202009-15
Synopsis
A buffer overflow in libuv might allow remote attacker(s) to
execute arbitrary code.
Background
libuv is a multi-platform support library with a focus on asynchronous
I/O.
Affected Packages
Package: dev-libs/libuv
Vulnerable: < 1.39.0
Unaffected: >= 1.39.0
Architectures: All supported architectures
Description
libuv used an incorrect buffer size for paths, causing a buffer
overflow.
Impact
A remote attacker could possibly execute arbitrary code with the
privileges of the process, or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All libuv users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libuv-1.39.0"
|
References
CVE-2020-8252 |
|
News & Announcements
