nodejs:22 security update
Errata ID: AXSA:2025-9926:01
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* c-ares: c-ares has a use-after-free in read_answers() (CVE-2025-31498)
* SQLite: integer overflow in SQLite (CVE-2025-3277)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-31498
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions; this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.
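The lifetime rule behind this bug, as a constructed C model added here (not c-ares code, and not a description of its actual fix): a failed re-send only flags the connection, and the read loop re-checks that flag before each use and frees the handle once, after its last access. All struct and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed model; struct and function names are hypothetical. */
struct conn {
    int answers[4];   /* queued answers: 0 = final, 1 = must be re-sent */
    size_t count, next;
    bool send_fails;  /* simulates send()/write() returning an error */
    bool closing;     /* close requested; teardown is deferred */
};

static int teardowns = 0; /* how many times a handle was really freed */

/* Re-enqueue path: a failed send only flags the handle, because the
 * read loop that called us still holds and uses the pointer. */
static void process_answer_model(struct conn *c, int kind) {
    if (kind == 1 && c->send_fails) c->closing = true;
}

/* Dequeue answers, re-checking the flag before every use of the handle.
 * The loop's owner frees exactly once, after its last access. */
static size_t read_answers_model(struct conn *c) {
    size_t handled = 0;
    while (!c->closing && c->next < c->count) {
        process_answer_model(c, c->answers[c->next++]);
        handled++;
    }
    if (c->closing) { teardowns++; free(c); }
    return handled;
}

/* Queue three answers (the second needs a re-send) and run the loop. */
static size_t run_scenario(bool send_fails) {
    struct conn *c = calloc(1, sizeof *c);
    if (!c) return 0;
    c->answers[1] = 1;
    c->count = 3;
    c->send_fails = send_fails;
    size_t handled = read_answers_model(c);
    if (!send_fails) free(c); /* still open: caller releases it here */
    return handled;
}

int main(void) {
    size_t ok = run_scenario(false), bad = run_scenario(true);
    printf("ok: %zu handled; failed send: %zu handled, %d teardown\n", ok, bad, teardowns);
    return 0;
}
```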
CVE-2025-3277
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
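The size mismatch described above, as a constructed C illustration added here (not SQLite's source): `narrowed_size` shows what a 32-bit narrowing keeps of a 64-bit length, and `join_ws` uses one checked total for both the allocation and the copy. `MAX_JOINED_LEN` and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_JOINED_LEN 1000000000u /* hypothetical cap for this example */
/* What is left of a 64-bit length after it is narrowed to 32 bits. */
static uint32_t narrowed_size(uint64_t total) { return (uint32_t)total; }

/* Sum n piece lengths plus n-1 separators, rejecting anything that would
 * exceed the cap instead of wrapping. Returns 0 on success, -1 otherwise. */
static int checked_total(const uint64_t *lens, size_t n, uint64_t sep_len,
                         uint64_t *out) {
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t sep = i ? sep_len : 0;
        if (sep > MAX_JOINED_LEN - total ||
            lens[i] > MAX_JOINED_LEN - total - sep) return -1;
        total += sep + lens[i];
    }
    *out = total;
    return 0;
}

/* Join up to 16 parts. One checked value sizes the buffer and bounds the
 * copy, so allocation and write cannot disagree. Caller frees the result. */
static char *join_ws(const char *sep, const char *const *parts, size_t n) {
    uint64_t lens[16], total;
    size_t sep_len = strlen(sep);
    if (n > 16) return NULL;
    for (size_t i = 0; i < n; i++) lens[i] = strlen(parts[i]);
    if (checked_total(lens, n, sep_len, &total) != 0) return NULL;
    char *buf = malloc((size_t)total + 1), *p = buf;
    if (!buf) return NULL;
    for (size_t i = 0; i < n; i++) {
        if (i > 0) { memcpy(p, sep, sep_len); p += sep_len; }
        memcpy(p, parts[i], (size_t)lens[i]); p += lens[i];
    }
    *p = '\0';
    return buf;
}

int main(void) {
    const char *parts[] = {"a", "b", "c"};
    char *s = join_ws(", ", parts, 3);
    printf("%s, narrowed: %u\n", s ? s : "(rejected)", (unsigned)narrowed_size(4294967298ULL));
    free(s);
    return 0;
}
```

Two pieces of 0x7fffffff bytes plus a third of 2 bytes, joined with a 1-byte separator, total 4294967298 bytes; narrowed to 32 bits that becomes 2, which is the allocation-versus-write gap the advisory describes.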
Modularity name: "nodejs"
Stream name: "22"
Update packages.
N/A
SRPMS
- nodejs-nodemon-3.0.1-1.module+el8+1870+1a6b2b6a.src.rpm
Size: 340.07 kB
- nodejs-packaging-2021.06-4.module+el8+1870+1a6b2b6a.src.rpm
Size: 30.62 kB
- nodejs-22.15.0-1.module+el8+1870+1a6b2b6a.src.rpm
Size: 93.43 MB
Asianux Server 8 for x86_64
- nodejs-22.15.0-1.module+el8+1870+1a6b2b6a.x86_64.rpm
Size: 2.11 MB
- nodejs-debugsource-22.15.0-1.module+el8+1870+1a6b2b6a.x86_64.rpm
Size: 19.91 MB
- nodejs-devel-22.15.0-1.module+el8+1870+1a6b2b6a.x86_64.rpm
Size: 267.76 kB
- nodejs-docs-22.15.0-1.module+el8+1870+1a6b2b6a.noarch.rpm
Size: 11.32 MB
- nodejs-full-i18n-22.15.0-1.module+el8+1870+1a6b2b6a.x86_64.rpm
Size: 8.31 MB
- nodejs-libs-22.15.0-1.module+el8+1870+1a6b2b6a.x86_64.rpm
Size: 20.54 MB
- nodejs-nodemon-3.0.1-1.module+el8+1870+1a6b2b6a.noarch.rpm
Size: 281.67 kB
- nodejs-packaging-2021.06-4.module+el8+1870+1a6b2b6a.noarch.rpm
Size: 24.25 kB
- nodejs-packaging-bundler-2021.06-4.module+el8+1870+1a6b2b6a.noarch.rpm
Size: 13.87 kB
- npm-10.9.2-1.22.15.0.1.module+el8+1870+1a6b2b6a.x86_64.rpm
Size: 2.28 MB
- v8-12.4-devel-12.4.254.21-1.22.15.0.1.module+el8+1870+1a6b2b6a.x86_64.rpm
Size: 14.55 kB