VYPR

rpm package

suse/nodejs22&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP6

pkg:rpm/suse/nodejs22&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP6

Vulnerabilities (5)

  • CVE-2025-23166 (High), May 19, 2025
    affected < 22.15.1-150600.13.9.1, fixed 22.15.1-150600.13.9.1

    The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentiall

  • CVE-2025-23165 (Low), May 19, 2025
    affected < 22.15.1-150600.13.9.1, fixed 22.15.1-150600.13.9.1

    In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can

  • CVE-2025-23085 (Medium), Feb 7, 2025
    affected < 22.13.1-150600.13.6.1, fixed 22.13.1-150600.13.6.1

    A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to inc

  • CVE-2025-23083 (High), Jan 22, 2025
    affected < 22.13.1-150600.13.6.1, fixed 22.13.1-150600.13.6.1

    With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for

  • CVE-2025-22150 (Medium), Jan 21, 2025
    affected < 22.13.1-150600.13.6.1, fixed 22.13.1-150600.13.6.1

    Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generat