CVE-2014-9748: 
Node.js vulnerability analysis and mitigation

The vulnerability (CVE-2014-9748) affects the uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv versions before 1.7.4. The flaw was discovered by Zhou Ran and involves improper thread lock management (Node Blog, NVD).

The vulnerability stems from a design flaw in the read/write locks implementation where threads could release locks that were acquired by other threads, leading to undefined behavior. The issue specifically affects the fallback implementation used on Windows XP and Windows Server 2003 platforms. The vulnerability has a CVSS v3.1 Base Score of 8.1 (HIGH) with vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows attackers to cause a denial of service (deadlock) or potentially have unspecified other impact by leveraging a race condition. The improper thread lock management could lead to undefined and potentially unsafe behavior in applications using the affected versions of libuv (NVD).

The vulnerability was fixed in libuv version 1.7.4. For Node.js users, versions v4 and later are not affected as the usage of read/write locks was replaced with simple mutexes. Node.js v0.12.15 and v0.10.46 include the patched version of libuv (Node Blog).