CVE-2025-23165 - CERT CVE
ID CVE-2025-23165
Sažetak In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Impact: * This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.
Reference
CVSS
Base: 3.7
Impact: 1.4
Exploitability:2.2
Pristup
VektorSloženostAutentikacija
NETWORK HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE NONE LOW
CVSS vektor CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Zadnje važnije ažuriranje 19-05-2025 - 02:15
Objavljeno 19-05-2025 - 02:15