A buffer overflow in libuv might allow remote attacker(s) to execute arbitrary code.
Package | dev-libs/libuv on all architectures |
---|---|
Affected versions | < 1.39.0 |
Unaffected versions | >= 1.39.0 |
libuv is a multi-platform support library with a focus on asynchronous I/O.
libuv used an incorrect buffer size for paths, causing a buffer overflow.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All libuv users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libuv-1.39.0"
Release date
September 29, 2020
Latest revision
September 29, 2020: 1
Severity
normal
Exploitable
remote
Bugzilla entries