Problem Description:
When exchanging data over a socket, libnv uses select(2) to
wait for data to arrive. However, it does not verify whether the
provided socket descriptor fits in select(2)'s file descriptor set
size limit of FD_SETSIZE (1024).
Impact:
An attacker who is able to force a libnv application to allocate
large file descriptors, e.g., by opening many descriptors and
executing a program which is not careful to close them upon startup,
can trigger stack corruption. If the target application is
setuid-root, then this could be used to elevate local privileges.