7.5

CVE-2025-23166

The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: nodejs
Product: node
Default status: unaffected
Version | Version bound | Status
4.0 | < 4.* | affected
5.0 | < 5.* | affected
6.0 | < 6.* | affected
7.0 | < 7.* | affected
8.0 | < 8.* | affected
9.0 | < 9.* | affected
10.0 | < 10.* | affected
11.0 | < 11.* | affected
12.0 | < 12.* | affected
13.0 | < 13.* | affected
14.0 | < 14.* | affected
15.0 | < 15.* | affected
16.0 | < 16.* | affected
17.0 | < 17.* | affected
18.0 | < 18.* | affected
19.0 | < 19.* | affected
20.0 | <= 20.19.1 | affected
22.0 | <= 22.15.0 | affected
23.0 | <= 23.11.0 | affected
24.0 | <= 24.0.1 | affected
21.0 | < 21.* | affected
No warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.3% | 0.534
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
support@hackerone.com | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.