diff options
| author | Salvatore Bonaccorso <carnil@debian.org> | 2020-10-03 00:04:03 +0200 |
|---|---|---|
| committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-10-03 00:04:03 +0200 |
| commit | e9bebf3cf51f8be855467c26ac7ce733814fb29d (patch) | |
| tree | 3fb320aaa34ef2f20ac308af5b68a16fa4f17656 | |
| parent | ca132793af0eafa7dc15ce9c5ec8f6f90d35a26a (diff) | |
Update information on CVE-2020-8252
| -rw-r--r-- | data/CVE/list | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/data/CVE/list b/data/CVE/list index 308508c082..8922e671aa 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -43065,7 +43065,7 @@ CVE-2020-8254 CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...) NOT-FOR-US: Citrix CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ...) - - libuv1 1.39.0-1 + - libuv1 1.39.0-1 (unimportant) [stretch] - libuv1 <not-affected> (Vulnerable code introduced later) NOTE: https://hackerone.com/reports/965914 NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252 @@ -43074,6 +43074,8 @@ CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18. NOTE: https://github.com/libuv/libuv/issues/2965 NOTE: Introduced by: https://github.com/libuv/libuv/commit/b56d279b172fbe78dee2fb1d29cae9c9c5c6d1c4 (v1.24.0) NOTE: Fixed by: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd (v1.39.0) + NOTE: Broken path in uv__fs_realpath() only taken when libuv1 build in + NOTE: pre-POSIX.2008 mode (defined(_POSIX_VERSION) && _POSIX_VERSION < 200809L). CVE-2020-8251 (Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) att ...) - nodejs <not-affected> (Only affects 14.x series) NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251 |