CVE-2021-22918

UNKNOWN
Published 2021-07-12T00:00:00

No CVSS data available

Description

Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().
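The missing check described above, shown in its corrected form as an added example (this is not libuv's code). It assumes the input is walked as multi-byte UTF-8 sequences; `decode1_checked`, `count_code_points` and `DECODE_ERR` are hypothetical names, and only `p` and `pe` come from the description.

```c
#include <stddef.h>
#include <stdint.h>

#define DECODE_ERR 0xFFFFFFFFu /* hypothetical sentinel: malformed or truncated input */

/* Hypothetical helper, not libuv's code: decode one UTF-8 code point from
 * [*p, pe), advancing *p. Every read is preceded by a check against pe. */
static uint32_t decode1_checked(const unsigned char **p, const unsigned char *pe) {
  const unsigned char *s = *p;
  uint32_t cp, min;
  int extra;

  if (s >= pe) return DECODE_ERR;          /* nothing left to read */
  cp = *s++;
  if (cp < 0x80) { *p = s; return cp; }    /* plain ASCII byte */
  if ((cp & 0xE0) == 0xC0) { extra = 1; cp &= 0x1F; min = 0x80; }
  else if ((cp & 0xF0) == 0xE0) { extra = 2; cp &= 0x0F; min = 0x800; }
  else if ((cp & 0xF8) == 0xF0) { extra = 3; cp &= 0x07; min = 0x10000; }
  else { *p = s; return DECODE_ERR; }      /* invalid lead byte */

  /* The lead byte promises `extra` more bytes, but the buffer may end
   * first. Without this comparison the loop below would read past pe. */
  if ((size_t)(pe - s) < (size_t)extra) { *p = pe; return DECODE_ERR; }

  while (extra-- > 0) {
    if ((*s & 0xC0) != 0x80) { *p = s; return DECODE_ERR; }
    cp = (cp << 6) | (*s++ & 0x3F);
  }
  *p = s;
  /* Reject overlong forms, surrogates and values above U+10FFFF. */
  if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return DECODE_ERR;
  return cp;
}

/* Count code points in buf[0..len); returns -1 on malformed or truncated input. */
static long count_code_points(const unsigned char *buf, size_t len) {
  const unsigned char *p = buf, *pe = buf + len;
  long n = 0;
  while (p < pe) {
    if (decode1_checked(&p, pe) == DECODE_ERR) return -1;
    n++;
  }
  return n;
}
```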

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

Out-of-Bounds Read in Node.js

GHSA-x3cj-3539-rcpx

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Advisory provided by GitHub Security Advisory Database. Published: July 13, 2021, Modified: December 3, 2021

References

Published: 2021-07-12T00:00:00
Last Modified: 2025-04-30T22:24:33.832Z