Advisories ยป MGASA-2025-0161

Updated nodejs packages fix security vulnerabilities

Publication date: 24 May 2025
Modification date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23165 , CVE-2025-23166 , CVE-2025-23167

Description

Corrupted pointer in node::fs::ReadFileUtf8(const
FunctionCallbackInfo& args) when args[0] is a string.
(CVE-2025-23165)
Improper error handling in async cryptographic operations crashes
process. (CVE-2025-23166)
Improper HTTP header block termination in llhttp. (CVE-2025-23167)
                

References

SRPMS

9/core