AZL-61919 CVE-2025-23166 affecting package nodejs for versions less than 20.14.0-9
The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...