CLSA-2026-1772125283

See a problem?

Import Source

https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772125283.json

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1772125283

Upstream

CVE-2025-23167

CVE-2025-55131

CVE-2025-59465

CVE-2025-59466

Published

2026-02-26T17:01:28Z

Modified

2026-06-01T00:32:41.775056115Z

Summary

nodejs: Fix of 4 CVEs

Details

CVE-2025-23167: fix improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n.
CVE-2025-59466: fix uncatchable stack overflow exceptions when asynchooks are enabled, preventing denial-of-service crashes in applications using AsyncLocalStorage or asynchooks.createHook().
CVE-2025-59465: add TLSSocket default error handler to prevent server crash from unhandled ECONNRESET when a malformed HTTP/2 HEADERS frame with invalid HPACK data abruptly destroys a TLS connection during initialization.
CVE-2025-55131: refactor unsafe buffer creation to remove zero-fill toggle, preventing exposure of uninitialized memory when buffer allocations are interrupted via the vm module timeout option.

References

https://errata.tuxcare.com/els_os/tuxcare9.6esu/CLSA-2026-1772125283.html

Affected packages

TuxCare:AlmaLinux:9.6

nodejs

Package

Name: nodejs
Purl: pkg:rpm/tuxcare/nodejs?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_6.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772125283.json"

nodejs-devel

Package

Name: nodejs-devel
Purl: pkg:rpm/tuxcare/nodejs-devel?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_6.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772125283.json"

nodejs-docs

Package

Name: nodejs-docs
Purl: pkg:rpm/tuxcare/nodejs-docs?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_6.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772125283.json"

nodejs-full-i18n

Package

Name: nodejs-full-i18n
Purl: pkg:rpm/tuxcare/nodejs-full-i18n?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_6.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772125283.json"

nodejs-libs

Package

Name: nodejs-libs
Purl: pkg:rpm/tuxcare/nodejs-libs?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:16.20.2-8.el9_6.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772125283.json"

npm

Package

Name: npm
Purl: pkg:rpm/tuxcare/npm?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:8.19.4_1.16.20.2-8.el9_6.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772125283.json"

v8-devel

Package

Name: v8-devel
Purl: pkg:rpm/tuxcare/v8-devel?distro=almalinux-9.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:9.4.146.26_1.16.20.2-8.el9_6.tuxcare.els8

Database specific

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1772125283.json"