CVE-2014-9748
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.
| Software | From | Fixed in |
|---|---|---|
| libuv / libuv | - | 1.7.4 |
| nodejs / node.js | 0.12.0 | 0.12.15 |
| nodejs / node.js | 0.10.0 | 0.10.46 |
- https://github.com/libuv/libuv/issues/515
- https://github.com/libuv/libuv/pull/516
- https://github.com/nodejs/node/pull/2723
- https://groups.google.com/forum/#!msg/libuv/KyNnGEXR0OA/NWb605ev2LUJ
- https://groups.google.com/forum/#!topic/libuv/WO2cl9zasN8
- https://groups.google.com/forum/#%21msg/libuv/KyNnGEXR0OA/NWb605ev2LUJ
- https://groups.google.com/forum/#%21topic/libuv/WO2cl9zasN8
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime