Threats Tagged 'cve-2025-31498'

This advisory addresses two security vulnerabilities in Node. js 22 as packaged for Red Hat Enterprise Linux 8. The first is a use-after-free vulnerability in the c-ares library (CVE-2025-31498), and the second is an integer overflow in SQLite (CVE-2025-3277). Both vulnerabilities have been rated with a high security impact by Red Hat Product Security. The update rebases Node. js 22 to the latest release to include these fixes. No CVSS score is provided in the advisory, but the severity is considered important by Red Hat. The advisory includes instructions for applying the update to affected Red Hat Enterprise Linux 8 versions. There are no known exploits in the wild at this time.

This advisory addresses two security vulnerabilities affecting Node. js as packaged in Red Hat Enterprise Linux 9. The first is a use-after-free vulnerability in the c-ares library (CVE-2025-31498), and the second is an integer overflow vulnerability in SQLite (CVE-2025-3277). Both vulnerabilities have been rated with a high security impact by Red Hat Product Security. An update to the nodejs:22 module is available to remediate these issues. The advisory provides detailed instructions for applying the update to affected Red Hat Enterprise Linux 9 systems.

A use-after-free vulnerability (CVE-2025-31498) exists in the c-ares library component used by Node. js 20, specifically in the read_answers() function. This vulnerability has been rated as having moderate security impact by Red Hat Product Security. The issue affects multiple Red Hat Enterprise Linux 9. 4 Extended Update Support versions. An update addressing this vulnerability is available from Red Hat. No known exploits are reported in the wild at this time.