Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-47153
PUBLISHED
More InfoOfficial Page
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At-01 May, 2025 | 00:00
Updated At-02 May, 2025 | 19:02
Rejected At-
▼CVE Numbering Authority (CNA)

Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access. NOTE: this is not a problem in the Node.js software itself. In particular, the Node.js website's download page does not offer prebuilt Node.js for Linux on i386.

Affected Products
Vendor
Debian GNU/LinuxDebian
Product
trixie
Collection URL
https://packages.debian.org
Package Name
nodejs
Platforms
  • i386
Default Status
unknown
Versions
Affected
  • From nodejs_0.10.0~dfsg1-1_i386.deb through nodejs_20.19.0+dfsg-2_i386.deb (custom)
Problem Types
TypeCWE IDDescription
CWECWE-1102CWE-1102 Reliance on Machine-Dependent Data Representation
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://bugzilla.redhat.com/show_bug.cgi?id=892601
N/A
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075
N/A
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350
N/A
https://github.com/nodejs/node-v0.x-archive/issues/4549
N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://lists.debian.org/debian-lts-announce/2025/05/msg00003.html
N/A
http://www.openwall.com/lists/oss-security/2025/05/02/2
N/A
Details not found