Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Patch nodejs18 for CVE-2025-22150 [Medium] #12231

Open
wants to merge 1 commit into
base: fasttrack/2.0
Choose a base branch
from
+45 −1
Open

Patch nodejs18 for CVE-2025-22150 [Medium] #12231

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 40 additions & 0 deletions SPECS/nodejs/CVE-2025-22150.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
From d059d899b9c92a1479432016fe48a01d9254d89a Mon Sep 17 00:00:00 2001
From: Kanishk Bansal <[email protected]>
Date: Wed, 5 Feb 2025 12:28:55 +0000
Subject: [PATCH] Address CVE-2025-22150

---
deps/undici/src/lib/fetch/body.js | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/deps/undici/src/lib/fetch/body.js b/deps/undici/src/lib/fetch/body.js
index fd8481b7..4afcfdfb 100644
--- a/deps/undici/src/lib/fetch/body.js
+++ b/deps/undici/src/lib/fetch/body.js
@@ -22,6 +22,14 @@ const { isUint8Array, isArrayBuffer } = require('util/types')
const { File: UndiciFile } = require('./file')
const { parseMIMEType, serializeAMimeType } = require('./dataURL')

+let random
+try {
+ const crypto = require('node:crypto')
+ random = (max) => crypto.randomInt(0, max)
+} catch {
+ random = (max) => Math.floor(Math.random(max))
+}
+
let ReadableStream = globalThis.ReadableStream

/** @type {globalThis['File']} */
@@ -107,7 +115,7 @@ function extractBody (object, keepalive = false) {
// Set source to a copy of the bytes held by object.
source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength))
} else if (util.isFormDataLike(object)) {
- const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}`
+ const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}`
const prefix = `--${boundary}\r\nContent-Disposition: form-data`

/*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
--
2.43.0

6 changes: 5 additions & 1 deletion SPECS/nodejs/nodejs18.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Name: nodejs18
# WARNINGS: MUST check and update the 'npm_version' macro for every version update of this package.
# The version of NPM can be found inside the sources under 'deps/npm/package.json'.
Version: 18.20.3
Release: 2%{?dist}
Release: 3%{?dist}
License: BSD and MIT and Public Domain and NAIST-2003 and Artistic-2.0
Group: Applications/System
Vendor: Microsoft Corporation
Expand All @@ -18,6 +18,7 @@ URL: https://github.com/nodejs/node
Source0: https://nodejs.org/download/release/v%{version}/node-v%{version}.tar.xz
Patch0: CVE-2023-21100.patch
Patch1: CVE-2024-21538.patch
Patch2: CVE-2025-22150.patch
BuildRequires: brotli-devel
BuildRequires: coreutils >= 8.22
BuildRequires: gcc
Expand Down Expand Up @@ -118,6 +119,9 @@ make cctest
%{_datadir}/systemtap/tapset/node.stp

%changelog
* Wed Feb 05 2025 Kanishk Bansal <[email protected]> - 18.20.3-3
- Patch CVE-2025-22150

* Tue Nov 19 2024 Bala <[email protected]> - 18.20.3-2
- Patch CVE-2024-21538

Expand Down
Loading