UBUNTU-CVE-2025-66453

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-66453

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-66453.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-66453

Upstream

CVE-2025-66453

Published

2025-12-04T00:00:00Z

Modified

2025-12-05T12:33:23.825302Z

Severity

5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JSdtostr > DToA.JSdtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

References

Affected packages

Ubuntu:16.04:LTS

rhino

Package

Name: rhino
Purl: pkg:deb/ubuntu/rhino@1.7R4-3?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7R4-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.7R4-3",
            "binary_name": "librhino-java"
        },
        {
            "binary_version": "1.7R4-3",
            "binary_name": "rhino"
        }
    ]
}

Ubuntu:18.04:LTS

rhino

Package

Name: rhino
Purl: pkg:deb/ubuntu/rhino@1.7.7.1-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.7.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.7.7.1-1",
            "binary_name": "librhino-java"
        },
        {
            "binary_version": "1.7.7.1-1",
            "binary_name": "rhino"
        }
    ]
}

Ubuntu:20.04:LTS

rhino

Package

Name: rhino
Purl: pkg:deb/ubuntu/rhino@1.7.7.1-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.7.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.7.7.1-1",
            "binary_name": "librhino-java"
        },
        {
            "binary_version": "1.7.7.1-1",
            "binary_name": "rhino"
        }
    ]
}

Ubuntu:22.04:LTS

rhino

Package

Name: rhino
Purl: pkg:deb/ubuntu/rhino@1.7.7.2-3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.7.2-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.7.7.2-3",
            "binary_name": "librhino-java"
        },
        {
            "binary_version": "1.7.7.2-3",
            "binary_name": "rhino"
        }
    ]
}

Ubuntu:24.04:LTS

rhino

Package

Name: rhino
Purl: pkg:deb/ubuntu/rhino@1.7.14-2.1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.14-2.1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.7.14-2.1",
            "binary_name": "librhino-java"
        },
        {
            "binary_version": "1.7.14-2.1",
            "binary_name": "rhino"
        }
    ]
}

Ubuntu:25.04

rhino

Package

Name: rhino
Purl: pkg:deb/ubuntu/rhino@1.7.15-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.14-2.1

1.7.15-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.7.15-1",
            "binary_name": "librhino-java"
        },
        {
            "binary_version": "1.7.15-1",
            "binary_name": "rhino"
        }
    ]
}

Ubuntu:25.10

rhino

Package

Name: rhino
Purl: pkg:deb/ubuntu/rhino@1.7.15-1?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.15-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.7.15-1",
            "binary_name": "librhino-java"
        },
        {
            "binary_version": "1.7.15-1",
            "binary_name": "rhino"
        }
    ]
}