OESA-2025-1274

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1274
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1274.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1274
Upstream
Published
2025-03-14T15:44:06Z
Modified
2025-08-12T05:49:18.277468Z
Summary
nodejs security update
Details

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

Security Fix(es):

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.

This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.(CVE-2025-23085)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / nodejs

Package

Name
nodejs
Purl
pkg:rpm/openEuler/nodejs&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.22.11-11.oe2203sp4

Ecosystem specific 

{
    "aarch64": [
        "nodejs-12.22.11-11.oe2203sp4.aarch64.rpm",
        "nodejs-debuginfo-12.22.11-11.oe2203sp4.aarch64.rpm",
        "nodejs-debugsource-12.22.11-11.oe2203sp4.aarch64.rpm",
        "nodejs-devel-12.22.11-11.oe2203sp4.aarch64.rpm",
        "nodejs-full-i18n-12.22.11-11.oe2203sp4.aarch64.rpm",
        "nodejs-libs-12.22.11-11.oe2203sp4.aarch64.rpm",
        "npm-6.14.16-1.12.22.11.11.oe2203sp4.aarch64.rpm",
        "v8-devel-7.8.279.23-1.12.22.11.11.oe2203sp4.aarch64.rpm"
    ],
    "noarch": [
        "nodejs-docs-12.22.11-11.oe2203sp4.noarch.rpm"
    ],
    "x86_64": [
        "nodejs-12.22.11-11.oe2203sp4.x86_64.rpm",
        "nodejs-debuginfo-12.22.11-11.oe2203sp4.x86_64.rpm",
        "nodejs-debugsource-12.22.11-11.oe2203sp4.x86_64.rpm",
        "nodejs-devel-12.22.11-11.oe2203sp4.x86_64.rpm",
        "nodejs-full-i18n-12.22.11-11.oe2203sp4.x86_64.rpm",
        "nodejs-libs-12.22.11-11.oe2203sp4.x86_64.rpm",
        "npm-6.14.16-1.12.22.11.11.oe2203sp4.x86_64.rpm",
        "v8-devel-7.8.279.23-1.12.22.11.11.oe2203sp4.x86_64.rpm"
    ],
    "src": [
        "nodejs-12.22.11-11.oe2203sp4.src.rpm"
    ]
}