Advisories » MGASA-2025-0161

Updated nodejs packages fix security vulnerabilities

Publication date: 24 May 2025
Modification date: 24 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-23165 , CVE-2025-23166 , CVE-2025-23167

Description

Corrupted pointer in node::fs::ReadFileUtf8(const
FunctionCallbackInfo& args) when args[0] is a string.
(CVE-2025-23165)
Improper error handling in async cryptographic operations crashes
process. (CVE-2025-23166)
Improper HTTP header block termination in llhttp. (CVE-2025-23167)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34278
• https://nodejs.org/en/blog/vulnerability/may-2025-security-releases
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23165
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23166
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23167

SRPMS

9/core

• nodejs-22.16.0-1.mga9