INFSA-2025:7433: nodejs:22 security update
Information about definition
Identificator: INFSA-2025:7433
Type: security
Release date: 2025-07-10 21:46:36 UTC
Information about package
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Vulnerabilities description
- CVE-2025-31498
A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.
- CVE-2025-3277
SQLite could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the concat_ws() function.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-31498
|
no information | 7.0 | no information |
|
NIST — CVE-2025-3277
|
no information | 7.3 | no information |
Updated packages