NVD

CVE-2025-47153 Detail

Awaiting Analysis

This CVE record has been marked for NVD enrichment efforts.

Description

Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access. NOTE: this is not a problem in the Node.js software itself. In particular, the Node.js website's download page does not offer prebuilt Node.js for Linux on i386.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

Nist CVSS score does not match with CNA score

CNA: MITRE

Base Score: 6.5 MEDIUM

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: N/A

NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Hyperlink	Resource
http://www.openwall.com/lists/oss-security/2025/05/02/2
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075
https://bugzilla.redhat.com/show_bug.cgi?id=892601
https://github.com/nodejs/node-v0.x-archive/issues/4549
https://lists.debian.org/debian-lts-announce/2025/05/msg00003.html

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-1102	Reliance on Machine-Dependent Data Representation	MITRE

Change History

5 change records found show changes

New CVE Received from MITRE 5/01/2025 3:15:58 AM

Action	Type	New Value
Added	Description	Record truncated, showing 500 of 558 characters. View Entire Change Record Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-1_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access. NOTE: this is not a problem in the Node.js software itself. In particular, the Node.js website's downlo
Added	Reference	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350
Added	Reference	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075
Added	Reference	https://bugzilla.redhat.com/show_bug.cgi?id=892601
Added	Reference	https://github.com/nodejs/node-v0.x-archive/issues/4549

Quick Info

CVE Dictionary Entry:
CVE-2025-47153
NVD Published Date:
05/01/2025
NVD Last Modified:
05/02/2025
Source:
MITRE

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2025-47153 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Change History

CVE Modified by CVE 5/02/2025 3:15:55 PM

CVE Modified by CVE 5/01/2025 9:15:54 PM

CVE Modified by MITRE 5/01/2025 2:15:58 PM

CVE Modified by MITRE 5/01/2025 4:15:17 AM

New CVE Received from MITRE 5/01/2025 3:15:58 AM

Quick Info