4 matches found
Security update for nodejs22
This update for nodejs22 fixes the following issues: Update to version 22.15.1. Security issues fixed: CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations bsc1243218. CVE-2025-23165: memory leak and unbounded memory growth due to...
Security update for nodejs22
This update for nodejs22 fixes the following issues: Update to version 22.15.1. Security issues fixed: CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations bsc1243218. CVE-2025-23165: memory leak and unbounded memory growth due to...
SUSE CVE-2025-23165
In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ReadFileUtf8 internal binding, which fails to clean up pointers in uvfss.file. UTF-16 path buffers leak memory, which can lead to denial of service. Note: CVE-2025-23122 is a...