HIGH
libuv
CVE published 2024-11-12
CVE-2024-24806
CVE-2024-24806 is a high-severity vulnerability in libuv, a multi-platform asynchronous I/O support library. The flaw exists in the `uv_getaddrinfo` function, which truncates hostnames to 256 characters before calling `getaddrinfo`. When hostnames exceed this length, truncation occurs without a terminating null byte, potentially allowing crafted payloads to resolve to unintended IP addresses such as `0x00 [truncated]
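The bug class described above (a bounded copy that drops the terminating null byte on truncation), next to a checked copy that rejects overlong hostnames, as an added example. This is a simplified model, not libuv's code: the function names, the 16 bytes of constructed "stale" data standing in for adjacent memory, and the sample hostnames are all assumptions.

```c
#include <stdio.h>
#include <string.h>

#define HOST_BUF 256  /* truncation length given in the description */

/* Flawed pattern: copies at most HOST_BUF bytes and writes no NUL
 * when the input had to be truncated. Returns bytes copied. */
static size_t copy_truncating(char *dst, const char *host) {
    size_t n = strlen(host);
    if (n > HOST_BUF) n = HOST_BUF;
    memcpy(dst, host, n);
    if (n < HOST_BUF) dst[n] = '\0';   /* terminator only fits for short input */
    return n;
}

/* Checked pattern: refuse anything that does not fit with its terminator. */
static int copy_checked(char *dst, size_t cap, const char *host) {
    size_t n = strlen(host);
    if (n >= cap) return -1;           /* reject instead of truncating */
    memcpy(dst, host, n + 1);          /* includes the NUL */
    return 0;
}

/* Length a C-string consumer (such as a resolver call) would see after the
 * flawed copy. One array models the buffer plus the memory that follows it,
 * so the read stays in bounds for this demonstration. */
static size_t seen_length_after_truncation(const char *host) {
    char region[HOST_BUF + 16];
    memset(region, 'A', sizeof region - 1);  /* constructed stale bytes */
    region[sizeof region - 1] = '\0';
    copy_truncating(region, host);
    return strlen(region);
}

int main(void) {
    char long_host[301], buf[HOST_BUF];
    memset(long_host, 'a', 300);             /* constructed 300-byte hostname */
    long_host[300] = '\0';
    printf("short name seen as %zu bytes\n",
           seen_length_after_truncation("example.test"));
    printf("300-byte name seen as %zu bytes (buffer holds %d)\n",
           seen_length_after_truncation(long_host), HOST_BUF);
    printf("checked copy of 300-byte name returns %d\n",
           copy_checked(buf, sizeof buf, long_host));
    return 0;
}
```

The consumer reads past the 256 copied bytes into whatever follows the buffer, which is why the checked variant returns an error instead of handing a truncated name to the resolver.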