Opened 9 months ago
Closed 9 months ago
#21569 closed enhancement (fixed)
node.js-22.15.1
| Reported by: | Bruce Dubbs | Owned by: | zeckma |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.4 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (4)
comment:1 by , 9 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 9 months ago
| Priority: | normal → elevated |
|---|
comment:3 by , 9 months ago
| Owner: | changed from to |
|---|---|
| Status: | assigned → new |
Zeckma contacted me on Discord about this one, going to reassign it to her
comment:4 by , 9 months ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed at feed3f264365c21fa9ff0d429d7756c696d8a9fa. Thanks for reassigning the ticket to me, Doug! Good luck with the SAs!
Note:
See TracTickets
for help on using tickets.
Release notes:
Notable Changes
Commits
CVE Information:
Improper error handling in async cryptographic operations crashes process (CVE-2025-23166) - (high)
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.
Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string. (CVE-2025-23165) - (low)
In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.