CVE-2020-8252

Summary

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.

Affected Software

VendorProductVersion RangeStatus
NodeJSNode4.0 < 4.*affected
NodeJSNode5.0 < 5.*affected
NodeJSNode6.0 < 6.*affected
NodeJSNode7.0 < 7.*affected
NodeJSNode8.0 < 8.*affected
NodeJSNode9.0 < 9.*affected
NodeJSNode10.0 < 10.22.1affected
NodeJSNode11.0 < 11.*affected
NodeJSNode12.0 < 12.18.4affected
NodeJSNode13.0 < 13.*affected
NodeJSNode14.0 < 14.9.0affected

Weaknesses

  • CWE-120: Classic Buffer Overflow (CWE-120)

ADP Enrichment

CVE Program Container

Additional References

References