Wind River Support Network

HomeDefectsLIN1023-1622
Fixed

LIN1023-1622 : Security Advisory - nodejs - CVE-2022-25883

Created: Aug 8, 2023    Updated: Apr 17, 2024
Resolved Date: Sep 11, 2023
Found In Version: 10.23.30.1
Fix Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Userspace

Description

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.



CREATE(Triage):(User=admin) CVE-2022-25883 (https://nvd.nist.gov/vuln/detail/CVE-2022-25883)

CVEs

  • Linkedin
  • Facebook
  • Twitter
  • Youtube