CVE-2020-8252

Severity
7.8 HIGH
EPSS
0.2%
top 60.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 18
Latest update: May 24

Description

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 4 packages

CVEListV5 | nodejs/node | 4.0 | 4.* | +10
NVD | nodejs/node.js | 10.0.0 | 10.22.1 | +2
Debian | libuv1 | < 1.39.0-1 | +3
NVD | opensuse/leap | 15.2

Also affects: Fedora 33

🔴Vulnerability Details

3
GHSA
GHSA-c5r6-cm8r-wgh9: The implementation of realpath in libuv < 10 | 2022-05-24
CVEList
CVE-2020-8252: The implementation of realpath in libuv < 10 | 2020-09-18
OSV
CVE-2020-8252: The implementation of realpath in libuv < 10 | 2020-09-18

📋Vendor Advisories

3
Ubuntu
libuv vulnerability | 2020-09-28
Red Hat
libuv: buffer overflow in realpath | 2020-09-15
Debian
CVE-2020-8252: libuv1 - The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used ... | 2020

💬Community

7
Bugzilla
CVE-2020-8252 nodejs:12/nodejs: libuv: buffer overflow in realpath [fedora-all] | 2020-09-16
Bugzilla
CVE-2020-8252 nodejs:13/nodejs: libuv: buffer overflow in realpath [fedora-all] | 2020-09-16
Bugzilla
CVE-2020-8252 libuv: buffer overflow in realpath | 2020-09-16
Bugzilla
CVE-2020-8252 nodejs:14/nodejs: libuv: buffer overflow in realpath [fedora-all] | 2020-09-16
Bugzilla
CVE-2020-8252 nodejs: libuv: buffer overflow in realpath [fedora-all] | 2020-09-16