Windows 10 console output buffer overflow (libuv CVE-2016-9551)

[Rod Vagg]

Please be aware that Node.js v7.2.0 was released today and includes a small security update arising from libuv: https://nodejs.org/en/blog/release/v7.2.0/

libuv v1.10.1 reverts a change that was introduced in v1.10.0, included in Node.js v7.1.0. The reverted code was found to contain a potential buffer overflow in output written to the console. We are not aware of any exploit of this flaw and it only impacts Windows 10 (November update and later). This flaw has been assigned the identifier CVE-2016-9551 and was originally discovered and reported by Hitesh Kanwathirtha of Microsoft.

Users of the v7 release line running on Windows 10 should upgrade to Node.js v7.2.0 at their earliest convenience.

No other version of Node.js is known to be impacted by this flaw.