We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-47153



Description

Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access. NOTE: this is not a problem in the Node.js software itself. In particular, the Node.js website's download page does not offer prebuilt Node.js for Linux on i386.

Reserved 2025-05-01 | Published 2025-05-01 | Updated 2025-05-02 | Assigner mitre


MEDIUM: 6.5CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Problem types

CWE-1102 Reliance on Machine-Dependent Data Representation

Product status

Default status
unknown

nodejs_0.10.0~dfsg1-1_i386.deb
affected

References

bugzilla.redhat.com/show_bug.cgi?id=892601

bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075

bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350

github.com/nodejs/node-v0.x-archive/issues/4549

cve.org (CVE-2025-47153)

nvd.nist.gov (CVE-2025-47153)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-47153

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.