Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 25.04: sha.js Critical D0S Denial of Service USN-7778-1

ubuntu
Calendar Grey September 25, 2025
Dist Ubuntu Esm H88
Upgrade Ubuntu installations to address the significant sha.js vulnerability which leads to excessive resource usage or invalid hash results.
sha.js could be made to consume resources or return incorrect hash values if it received specially crafted input.

Summary

sha.js could be made to consume resources or return incorrect hash

values if it received specially crafted input.

Software Description:

- node-sha.js: Streamable SHA hashes in pure javascript

Details:

Nikita Skovoroda discovered that sha.js did not properly handle

certain inputs. An attacker could possibly use this issue to manipulate

the internal state of hash functions, resulting in hash collisions,

denial of service, or other unspecified impact.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  node-sha.js                     2.4.11+~2.4.0-2+deb13u1build0.25.04.1

Ubuntu 24.04 LTS
  node-sha.js                     2.4.11+~2.4.0-2+deb13u1build0.24.04.1

Ubuntu 22.04 LTS
  node-sha.js                     2.4.11+~2.4.0-1ubuntu0.1

Ubuntu 20.04 LTS
  node-sha.js                     2.4.11-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  node-sha.js                     2.4.9-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7778-1

CVE-2025-9288

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7778-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here