The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv prior to 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows malicious users to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libuv libuv |
||
nodejs node.js |