A buffer overflow in libuv might allow remote attacker(s) to execute arbitrary code.
|Package||dev-libs/libuv on all architectures|
|Affected versions||< 1.39.0|
|Unaffected versions||>= 1.39.0|
libuv is a multi-platform support library with a focus on asynchronous I/O.
libuv used an incorrect buffer size for paths, causing a buffer overflow.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All libuv users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libuv-1.39.0"
September 29, 2020
September 29, 2020: 1