
Debian 11 Bullseye: DLA-4152-1 critical: nodejs out-of-bounds issue

May 1, 2025
Debian LTS has issued a security patch for a 32-bit architecture flaw in Node.js. It's advisable to upgrade.
Node.js, a popular server-side JavaScript engine, was affected by a vulnerability on 32-bit architectures.

Summary

Build processes for libuv and Node.js on 32-bit systems
have an inconsistent off_t size (e.g., building on i386 Debian always uses
_FILE_OFFSET_BITS=64 for the libuv dynamic library,
but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs),
leading to out-of-bounds access.
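
The mismatch described above, modelled as an added example (not code from libuv, Node.js or the Debian advisory): a hypothetical request struct is laid out once with a 32-bit offset field and once with a 64-bit one, showing how far a library built with _FILE_OFFSET_BITS=64 would write past a record allocated by a caller built with the 32-bit default, followed by a build-time guard. The struct, its field names and EXPECTED_OFF_T_BYTES are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical request record passed across a library boundary (not libuv's
 * real layout). off_t is modelled with fixed-width types so both builds can
 * be compared in one program: int32_t is the i386 default, int64_t is what
 * _FILE_OFFSET_BITS=64 selects. */
#pragma pack(push, 4)            /* i386 aligns 64-bit struct members to 4 */
struct req_app {                 /* caller's view: 32-bit off_t */
    int32_t  fd;
    int32_t  off;
    uint32_t len;
    int32_t  result;
};
struct req_lib {                 /* library's view: 64-bit off_t */
    int32_t  fd;
    int64_t  off;
    uint32_t len;
    int32_t  result;
};
#pragma pack(pop)

/* Bytes past the caller's allocation that the library touches when it
 * stores its last field into a caller-allocated record. */
size_t overrun_bytes(void) {
    size_t lib_end = offsetof(struct req_lib, result) + sizeof(int32_t);
    size_t app_end = sizeof(struct req_app);
    return lib_end > app_end ? lib_end - app_end : 0;
}

/* 1 if both builds place a field at the same offset, 0 if they disagree. */
int field_agrees(size_t app_off, size_t lib_off) { return app_off == lib_off; }

/* Build-time guard: refuse to compile when this translation unit's off_t
 * differs from the width the shared library was built with.
 * EXPECTED_OFF_T_BYTES is an assumed project-wide setting. */
#define EXPECTED_OFF_T_BYTES 8
_Static_assert(sizeof(off_t) == EXPECTED_OFF_T_BYTES,
               "off_t width differs from the library ABI");

int main(void) {
    printf("caller=%zu library=%zu overrun=%zu\n", sizeof(struct req_app),
           sizeof(struct req_lib), overrun_bytes());
    return 0;
}
```

Built on i386 without -D_FILE_OFFSET_BITS=64, the _Static_assert stops the build instead of producing a binary with the mismatched layout.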

The following reverse dependencies were also rebuilt in order to fix the
vulnerability:
node-expat
node-iconv
node-leveldown
node-modern-syslog
node-nodedbi
node-opencv
node-re2
node-sqlite3
node-sass
node-srs
node-websocket
node-zipfile
r-cran-v8

For Debian 11 bullseye, this problem has been fixed in version
12.22.12~dfsg-1~deb11u7.

We recommend that you upgrade your nodejs packages.

For the detailed security status of nodejs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/nodejs

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Severity
critical

Package: nodejs
Version: 12.22.12~dfsg-1~deb11u7
CVE ID: CVE-2025-47153
Debian Bug: 922075 1076350
