summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2020-09-18 14:35:39 +0200
committerSalvatore Bonaccorso <carnil@debian.org>2020-09-18 14:35:39 +0200
commit7856a5c98e8ba50193ab6f06ce27ae05e8d3e1c5 (patch)
tree557409356d143831005336921b7a43f749877e4f
parente13e9f03d92b0da78a6528faedb8c9fa61351435 (diff)
Add reference for commit in libuv upstream referring to CVE-2020-8252
-rw-r--r--data/CVE/list1
1 files changed, 1 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 9384cf3d82..78a614fd2d 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -41171,6 +41171,7 @@ CVE-2020-8252 [fs.realpath.native on may cause buffer overflow]
- libuv1 1.39.0-1
NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one
+ NOTE: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd
CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests]
RESERVED
- nodejs <not-affected> (Only affects 14.x series)

© 2014-2024 Faster IT GmbH | imprint | privacy policy