Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-gcf6-vgcr-474f

Опубликовано: 19 мая 2025
Источник: github
Github: Не прошло ревью
CVSS3: 3.7

Описание

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.

Impact:

  • This vulnerability affects APIs relying on ReadFileUtf8 on Node.js release lines: v20 and v22.

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.

Impact:

  • This vulnerability affects APIs relying on ReadFileUtf8 on Node.js release lines: v20 and v22.

Ссылки

EPSS

Процентиль: 22%
0.00071
Низкий

3.7 Low

CVSS3

CVE ID

CVE-2025-23165

Дефекты

CWE-401

Связанные уязвимости

ubuntu логотип

CVE-2025-23165

CVSS3: 3.7
ubuntu
6 месяцев назад

In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Impact: * This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.

redhat логотип

CVE-2025-23165

CVSS3: 3.7
redhat
6 месяцев назад

In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Impact: * This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.

nvd логотип

CVE-2025-23165

CVSS3: 3.7
nvd
6 месяцев назад

In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Impact: * This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.

msrc логотип

CVE-2025-23165

CVSS3: 3.7
msrc
4 месяца назад

Описание отсутствует

debian логотип

CVE-2025-23165

CVSS3: 3.7
debian
6 месяцев назад

In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a ...

EPSS

Процентиль: 22%
0.00071
Низкий

3.7 Low

CVSS3

CVE ID

CVE-2025-23165

Дефекты

CWE-401