{"uuid": "0be3083e-a942-4636-aad7-88ce499870eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-47153", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14243", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47153\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-1_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access. NOTE: this is not a problem in the Node.js software itself. In particular, the Node.js website's download page does not offer prebuilt Node.js for Linux on i386.\n\ud83d\udccf Published: 2025-05-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T07:02:34.210Z\n\ud83d\udd17 References:\n1. https://bugzilla.redhat.com/show_bug.cgi?id=892601\n2. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922075\n3. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076350\n4. https://github.com/nodejs/node-v0.x-archive/issues/4549", "creation_timestamp": "2025-05-01T07:14:11.000000Z"}