CVE-2025-59464
HIGH7.5EPSS 0.10%發布日:1/1/1修改日:2026/1/31
描述
A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.
受影響套件(3)
- Bitnami/node>= 24.0.0, < 24.12.0
- Bitnami/node-min>= 24.0.0, < 24.12.0
- Debian/nodejsfrom 0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |