BIT-node-2025-59464

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2025-59464.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-node-2025-59464

Aliases

Published

2026-01-26T14:47:55.131Z

Modified

2026-02-01T09:51:11.899309Z

Summary

[none]

Details

A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / node

Package

Name: node
Purl: pkg:bitnami/node

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

24.0.0

Fixed

24.12.0

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/node/BIT-node-2025-59464.json"