2 matches found
Amazon Linux 2 : nerdctl, --advisory ALAS2-2026-3229 (ALAS-2026-3229)
"The version of nerdctl installed on the remote host is prior to 2.2.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3229 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix...
CVE-2025-23165
In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...