CVE-2025-47153

Name of the Vulnerable Software and Affected Versions libuv and Node.js versions prior to nodejs 20.19.0+dfsg-2 i386.deb

Description The issue arises from certain build processes for libuv and Node.js on 32-bit systems, where the off t size is inconsistent. This inconsistency occurs because the build process for the libuv dynamic library always uses FILE OFFSET BITS=64, while the nodejs build uses the global system default of 32. This leads to out-of-bounds access. It is noted that this is not a problem in the Node.js software itself, but rather in the build process for certain binary packages, such as those for Debian GNU/Linux.

Recommendations For versions prior to nodejs 20.19.0+dfsg-2 i386.deb, consider rebuilding the nodejs package with consistent FILE OFFSET BITS settings to prevent out-of-bounds access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.