BIT-node-min-2025-59464

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/node-min/BIT-node-min-2025-59464.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-node-min-2025-59464

Aliases

Published

2026-01-26T14:47:55.059Z

Modified

2026-02-01T01:16:44.775307Z

Summary

[none]

Details

A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / node-min

Package

Name: node-min
Purl: pkg:bitnami/node-min

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

24.0.0

Fixed

24.12.0

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/node-min/BIT-node-min-2025-59464.json"