CVE-2015-0278Improper Check for Dropped Privileges in Project Libuv

CWE-273Improper Check for Dropped Privileges5 documents5 sources
Severity
10.0CRITICALNVD
EPSS
1.6%
top 18.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Nodejs Node.jsLibuv Project LibuvFedoraproject Fedora
Timeline
PublishedMay 18
Latest updateMay 14

Description

libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDlibuv_project/libuv0.10.33
NVDnodejs/node.js< 0.10.37

Also affects: Fedora 21

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-hmvq-6hjm-q8hj: libuv before 02022-05-14
CVEList
CVE-2015-0278: libuv before 02015-05-18

📋Vendor Advisories

1
Red Hat
libuv: incorrect revocation order while relinquishing privileges2014-02-10

💬Community

1
Bugzilla
CVE-2015-0278 libuv: incorrect revocation order while relinquishing privileges2015-02-20
CVE-2015-0278 — Improper Check for Dropped Privileges | cvebase