From 08cf953ccba27d1074cce9707fa9a83fa27d8292 Mon Sep 17 00:00:00 2001 From: RafaelGSS Date: Wed, 28 May 2025 15:55:22 -0300 Subject: [PATCH] vuln: update affected environment CVE-2025-23165 Refs: https://github.com/nodejs-private/security-release/pull/61 --- vuln/core/151.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vuln/core/151.json b/vuln/core/151.json index 143b77212..f992e6976 100644 --- a/vuln/core/151.json +++ b/vuln/core/151.json @@ -6,9 +6,9 @@ "patched": "^20.19.2 || ^22.15.1", "ref": "https://nodejs.org/en/blog/vulnerability/may-2025-security-releases/", "description": "Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo& args) when args[0] is a string.", - "overview": "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\n\nImpact:\n* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.", + "overview": "In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.\n\nImpact:\n* This vulnerability affects Windows systems relying on `ReadFileUtf8` API on Node.js release lines: v20 and v22.", "affectedEnvironments": [ - "all" + "win32" ], "severity": "low" }