{"id":"AZL-41581","summary":"CVE-2021-22918 affecting package pytorch for versions less than 2.2.2-4","details":"Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().","modified":"2026-04-01T05:14:22.315616Z","published":"2021-07-12T11:15:07Z","upstream":["CVE-2021-22918"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22918"}],"affected":[{"package":{"name":"pytorch","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/pytorch"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.2-4"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41581.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}