nodejs-lts-jod

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Evented I/O for V8 javascript ("Active LTS" release: Jod)
Version	22.16.0-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2872	22.14.0-2	22.15.1-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2025-23166	AVG-2872	High	Yes	Denial of service	Improper error handling in async cryptographic operations crashes process. The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException()...
CVE-2025-23165	AVG-2872	Low	Yes	Denial of service	Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string. In Node.js, the ReadFileUtf8 internal...

Issue

Group

Severity

Remote

Type

Description

CVE-2025-23166

AVG-2872

High

Yes

Denial of service

Improper error handling in async cryptographic operations crashes process.  The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException()...

CVE-2025-23165

AVG-2872

Low

Yes

Denial of service

Corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string.  In Node.js, the ReadFileUtf8 internal...

Advisories

Date	Advisory	Group	Severity	Type
18 May 2025	ASA-202505-7	AVG-2872	High	denial of service