Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2025-23166

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 19 мая 2025
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: redhat
CVSS3: 7.5
EPSS Низкий

ОписаниС

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.

ΠœΠ΅Ρ€Ρ‹ ΠΏΠΎ ΡΠΌΡΠ³Ρ‡Π΅Π½ΠΈΡŽ послСдствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Бсылки Π½Π° источники

Π”ΠΎΠΏΠΎΠ»Π½ΠΈΡ‚Π΅Π»ΡŒΠ½Π°Ρ информация

Бтатус:

Important
Π”Π΅Ρ„Π΅ΠΊΡ‚:
CWE-248
https://bugzilla.redhat.com/show_bug.cgi?id=2367163nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 11%
0.00039
Низкий

7.5 High

CVSS3

БвязанныС уязвимости

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2025-23166

CVSS3: 7.5
ubuntu
6 мСсяцСв Π½Π°Π·Π°Π΄

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2025-23166

CVSS3: 7.5
nvd
6 мСсяцСв Π½Π°Π·Π°Π΄

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

msrc Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2025-23166

CVSS3: 7.5
msrc
4 мСсяца Π½Π°Π·Π°Π΄

ОписаниС отсутствуСт

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2025-23166

CVSS3: 7.5
debian
6 мСсяцСв Π½Π°Π·Π°Π΄

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowExce ...

github Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

GHSA-rrjv-57mm-j6cm

CVSS3: 7.5
github
6 мСсяцСв Π½Π°Π·Π°Π΄

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 11%
0.00039
Низкий

7.5 High

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2025-23166