UBUNTU-CVE-2025-50537

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-50537

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50537.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-50537

Upstream

CVE-2025-50537

Published

2026-01-27T00:00:00Z

Modified

2026-01-27T13:00:50.595312Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and checks for duplicates. During validation, the internal function checkDuplicateTestCase() is called, which in turn uses the isSerializable() function for serialization checks. When a circular reference object is passed in, isSerializable() enters infinite recursion, ultimately causing a stack overflow.

References

Affected packages

Ubuntu:20.04:LTS / eslint

Package

Name: eslint
Purl: pkg:deb/ubuntu/eslint@5.0.1~dfsg-4build3?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.1~dfsg-4build2

5.0.1~dfsg-4build3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "eslint",
            "binary_version": "5.0.1~dfsg-4build3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50537.json"

Ubuntu:22.04:LTS / eslint

Package

Name: eslint
Purl: pkg:deb/ubuntu/eslint@6.4.0~dfsg+~6.1.9-2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.16.0~dfsg+~4.16.8-5

5.16.0~dfsg+~4.16.8-6

5.16.0~dfsg+~4.16.8-7

5.16.0~dfsg+~4.16.8-8

6.*

6.4.0~dfsg+~6.1.9-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "eslint",
            "binary_version": "6.4.0~dfsg+~6.1.9-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50537.json"

Ubuntu:24.04:LTS / eslint

Package

Name: eslint
Purl: pkg:deb/ubuntu/eslint@6.4.0~dfsg+~6.1.9-11build3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.0~dfsg+~6.1.9-7

6.4.0~dfsg+~6.1.9-11build3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "eslint",
            "binary_version": "6.4.0~dfsg+~6.1.9-11build3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50537.json"

Ubuntu:25.10 / eslint

Package

Name: eslint
Purl: pkg:deb/ubuntu/eslint@6.4.0~dfsg+~6.1.9-12?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.4.0~dfsg+~6.1.9-12

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "eslint",
            "binary_version": "6.4.0~dfsg+~6.1.9-12"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-50537.json"