VDB

ALPINE-CVE-2020-8252

ALPINE-CVE-2020-8252 PUBLISHED CVSS 7.800000190734863 HIGH

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.21libuv0, 0, 0
Alpine:v3.19nodejs10.14.1-r0, 0, 0
Alpine:v3.13nodejs12.16.2-r0, 0, 8.11.3-r1
Alpine:v3.17libuv1.13.1-r0, 1.15.0-r0, 0.10.29-r0
Alpine:v3.21nodejs0, 0, 0
Alpine:v3.24nodejs0, 0
Alpine:v3.15libuv1.35.0-r0, 1.34.0-r0, 1.33.1-r0
Alpine:v3.12nodejs6.9.5-r1, 0, 0
Alpine:v3.23libuv1.17.0-r0, 1.4.2-r0, 1.5.0-r0
Alpine:v3.18nodejs6.11.1-r1, 4.5.0-r0, 8.9.4-r0
Alpine:v3.19libuv1.8.0-r0, 1.7.3-r0, 1.7.0-r0
Alpine:v3.24libuv0, 0
Alpine:v3.13libuv0, 1.20.2-r0, 0
Alpine:v3.18libuv0, 1.36.0-r0, 1.34.2-r0
Alpine:v3.20libuv1.34.0-r0, 1.34.1-r0, 1.34.2-r0
Alpine:v3.12libuv1.20.2-r0, 0, 0.10.25-r0
Alpine:v3.20nodejs8.9.2-r0, 8.9.3-r0, 8.9.3-r1
Alpine:v3.16nodejs8.11.3-r1, 8.9.1-r0, 8.9.0-r0
Alpine:v3.22libuv1.10.1-r0, 1.10.2-r0, 1.11.0-r0
Alpine:v3.11nodejs8.11.3-r0, 0, 0

…and 7 more

Timeline

  • Sep 18, 2020 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jun 15, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›