cbcvebase.
CVE-2014-9748
published 2020-02-11

CVE-2014-9748: The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of…

high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.

Affected

8 ranges
VendorProductVersion rangeFixed in
debiannodejs< nodejs 4.0.0~dfsg-1 (bookworm)nodejs 4.0.0~dfsg-1 (bookworm)
libuvlibuv< 1.7.41.7.4
nodejsnode.js>= 0.10.0 < 0.10.460.10.46
nodejsnode.js>= 0.12.0 < 0.12.150.12.15
nodejsnodejs>= 0 < 4.0.0~dfsg-14.0.0~dfsg-1
nodejsnodejs>= 0 < 4.0.0~dfsg-14.0.0~dfsg-1
nodejsnodejs>= 0 < 4.0.0~dfsg-14.0.0~dfsg-1
nodejsnodejs>= 0 < 4.0.0~dfsg-14.0.0~dfsg-1

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.1HIGH