-
-
Notifications
You must be signed in to change notification settings - Fork 132
Expand file tree
/
Copy path151.json
More file actions
14 lines (14 loc) · 858 Bytes
/
151.json
File metadata and controls
14 lines (14 loc) · 858 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
"cve": [
"CVE-2025-23165"
],
"vulnerable": "20.x || 22.x",
"patched": "^20.19.2 || ^22.15.1",
"ref": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases/",
"description": "Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string.",
"overview": "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\n\nImpact:\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.",
"affectedEnvironments": [
"win32"
],
"severity": "low"
}