Debian Libuv1 vulnerabilities
3 known vulnerabilities affecting debian/libuv1.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1, LOW 1
Vulnerabilities
CVE-2024-24806 | HIGH | CVSS 7.3 | fixed in libuv1 1.44.2-1+deb12u1 (bookworm) | 2024
libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its Windows counterpart `src/win/getaddrinfo.c`) truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddr
debian
CVE-2021-22918 | MEDIUM | CVSS 5.3 | fixed in libuv1 1.40.0-2 (bookworm) | 2021
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via u
debian
CVE-2020-8252 | LOW | CVSS 7.8 | fixed in libuv1 1.39.0-1 (bookworm) | 2020
CVE-2020-8252 [HIGH] CVE-2020-8252: libuv1 - The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used ...
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
Scope: local
bookworm: resolved (fixed in 1.39.0-1)
bullseye: resolved (fixed in 1.39.0-1)
forky: resolved (fixed in 1.39.0-1)
sid: resolved (fixed in 1
debian