CVE-2014-9748

CWE-362Race Condition5 documents5 sources
Severity
8.1HIGH
EPSS
0.5%
top 34.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Libuv LibuvNodejs Node.js
Timeline
PublishedFeb 11
Latest updateMay 17

Description

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

NVDlibuv/libuv< 1.7.4
NVDnodejs/node.js0.10.00.10.46+1
Debiannodejs< 4.0.0~dfsg-1+3

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-6w8h-9vfj-7934: The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 12022-05-17
CVEList
CVE-2014-9748: The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 12020-02-11
OSV
CVE-2014-9748: The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 12020-02-11

📋Vendor Advisories

1
Debian
CVE-2014-9748: nodejs - The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv ...2014
CVE-2014-9748 (HIGH CVSS 8.1) | The uv_rwlock_t fallback implementa | cvebase.io