CVE-2025-59464
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Description
A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.
Analysis
A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. [CVSS 7.5 HIGH]
Technical Context
Classified as CWE-400 (Uncontrolled Resource Consumption). Affects Node.Js. A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.
Affected Products
Vendor: Nodejs. Product: Node.Js.
Remediation
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today