[Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2025-23122

Mon, 19 May 2025 13:31:41 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
06845dc2 by Salvatore Bonaccorso at 2025-05-19T22:19:37+02:00
Remove notes from CVE-2025-23122

After thinking bit more on this: The CVE-2025-23165 is more widespread
and was used as well in the Node.js advisory. As both CVEs were assigned
by the same CNA, a rejection of the CVE-2025-23122 might be possible.

Thus mark the CVE already in advance just with a note.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -479,13 +479,7 @@ CVE-2025-23164 (A misconfigured access token mechanism in 
the Unifi Protect Appl
 CVE-2025-23123 (A malicious actor with access to the management network could 
execute  ...)
        NOT-FOR-US: UniFi Protect
 CVE-2025-23122 (In Node.js, the `ReadFileUtf8` internal binding leaks memory 
due to a  ...)
-       - nodejs 20.19.2+dfsg-1 (bug #1105832)
-       [bullseye] - nodejs <not-affected> (The vulnerable code was introduced 
later)
-       NOTE: 
https://nodejs.org/en/blog/vulnerability/may-2025-security-releases#corrupted-pointer-in-nodefsreadfileutf8const-functioncallbackinfovalue-args-when-args0-is-a-string-cve-2025-23165---low
-       NOTE: https://github.com/nodejs/node/issues/57800
-       NOTE: Fixed by: 
https://github.com/nodejs/node/commit/9e13bf0a81e15c7b3a9f1826dccbcea991d7e63a 
(v20.19.2)
-       NOTE: Introduced by: 
https://github.com/nodejs/node/commit/938471ef556f2d64257059b60889a8c84621eea6 
(v20.8.0)
-       TODO: check, duplicate of CVE-2025-23165, contacting both CNAs to see 
which to retain
+       NOTE: Duplicate of CVE-2025-23165 (CNA contacted for rejection)
 CVE-2025-1627 (The Qi Blocks WordPress plugin before 1.4 does not validate and 
escape ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-1626 (The Qi Blocks WordPress plugin before 1.4 does not validate and 
escape ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06845dc20f09513464892edea262b3672789567d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/06845dc20f09513464892edea262b3672789567d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to