Nixpkgs security tracker
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Certain build processes for libuv and Node.js for 32-bit systems, …
Certain build processes for libuv and Node.js for 32-bit systems, such as for the nodejs binary package through nodejs_20.19.0+dfsg-2_i386.deb for Debian GNU/Linux, have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access. NOTE: this is not a problem in the Node.js software itself. In particular, the Node.js website's download page does not offer prebuilt Node.js for Linux on i386.
References
Affected products
- =<nodejs_20.19.0+dfsg-2_i386.deb
Matching in nixpkgs
pkgs.nodejs_18
Event-driven I/O framework for the V8 JavaScript engine
pkgs.nodejs_20
Event-driven I/O framework for the V8 JavaScript engine
pkgs.nodejs_22
Event-driven I/O framework for the V8 JavaScript engine
pkgs.corepack_18
Wrappers for npm, pnpm and Yarn via Node.js Corepack
pkgs.corepack_20
Wrappers for npm, pnpm and Yarn via Node.js Corepack
pkgs.corepack_22
Wrappers for npm, pnpm and Yarn via Node.js Corepack
pkgs.nodejs_latest
Event-driven I/O framework for the V8 JavaScript engine
pkgs.nodejs-slim_18
Event-driven I/O framework for the V8 JavaScript engine
pkgs.nodejs-slim_20
Event-driven I/O framework for the V8 JavaScript engine
pkgs.nodejs-slim_22
Event-driven I/O framework for the V8 JavaScript engine
pkgs.corepack_latest
Wrappers for npm, pnpm and Yarn via Node.js Corepack
pkgs.elmPackages.nodejs
Event-driven I/O framework for the V8 JavaScript engine
pkgs.nodejs-slim_latest
Event-driven I/O framework for the V8 JavaScript engine
pkgs.nodejsInstallManuals
None
pkgs.haxePackages.hxnodejs_4
Extern definitions for node.js 4.x
pkgs.haxePackages.hxnodejs_6
Extern definitions for node.js 6.9
pkgs.matrix-sdk-crypto-nodejs
No-network-IO implementation of a state machine that handles E2EE for Matrix clients
-
nixos-unstable 0.2.0-beta.1
- nixpkgs-unstable 0.2.0-beta.1
- nixos-unstable-small 0.2.0-beta.1
pkgs.nodejsInstallExecutables
None
pkgs.emacsPackages.nodejs-repl
None
-
nixos-unstable 20240218.2357
- nixpkgs-unstable 20240218.2357
- nixos-unstable-small 20240218.2357
pkgs.graalvmCEPackages.graalnodejs
High-Performance Polyglot VM (Product: graalnodejs)
pkgs.dockerfile-language-server-nodejs
Language server for Dockerfiles powered by Node.js, TypeScript, and VSCode technologies
pkgs.matrix-sdk-crypto-nodejs-0_1_0-beta_3
No-network-IO implementation of a state machine that handles E2EE for Matrix clients
-
nixos-unstable 0.1.0-beta.3
- nixpkgs-unstable 0.1.0-beta.3
- nixos-unstable-small 0.1.0-beta.3
pkgs.pulumiPackages.pulumi-language-nodejs
None
pkgs.python311Packages.hatch-nodejs-version
Plugins for dealing with NodeJS versions
pkgs.python312Packages.hatch-nodejs-version
Plugins for dealing with NodeJS versions
Package maintainers
-
@wmertens Wout Mertens <Wout.Mertens@gmail.com>
-
@Net-Mist Sébastien Iooss <archimist.linux@gmail.com>
-
@rvolosatovs Roman Volosatovs <rvolosatovs@riseup.net>
-
@aduh95 Antoine du Hamel <duhamelantoine1995@gmail.com>
-
@bennyandresen Benjamin Andresen <bandresen@gmail.com>
-
@glittershark Griffin Smith <root@gws.fyi>
-
@hlolli Hlodver Sigurdsson <hlolli@gmail.com>
-
@ericdallo Eric Dallo <ercdll1337@gmail.com>
-
@D4ndellion Daniel Olsen <daniel@dodsorf.as>
-
@winterqt Winter <nixos@winter.cafe>
-
@cpcloud Phillip Cloud