OESA-2025-1276

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1276
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1276.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1276
Upstream
Published
2025-03-14T15:44:09Z
Modified
2025-08-12T05:49:19.208025Z
Summary
nodejs security update
Details

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

Security Fix(es):

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.

This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.(CVE-2025-23085)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:22.03-LTS-SP3 / nodejs

Package

Name
nodejs
Purl
pkg:rpm/openEuler/nodejs&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
12.22.11-11.oe2203sp3

Ecosystem specific 

{
    "aarch64": [
        "nodejs-12.22.11-11.oe2203sp3.aarch64.rpm",
        "nodejs-debuginfo-12.22.11-11.oe2203sp3.aarch64.rpm",
        "nodejs-debugsource-12.22.11-11.oe2203sp3.aarch64.rpm",
        "nodejs-devel-12.22.11-11.oe2203sp3.aarch64.rpm",
        "nodejs-full-i18n-12.22.11-11.oe2203sp3.aarch64.rpm",
        "nodejs-libs-12.22.11-11.oe2203sp3.aarch64.rpm",
        "npm-6.14.16-1.12.22.11.11.oe2203sp3.aarch64.rpm",
        "v8-devel-7.8.279.23-1.12.22.11.11.oe2203sp3.aarch64.rpm"
    ],
    "noarch": [
        "nodejs-docs-12.22.11-11.oe2203sp3.noarch.rpm"
    ],
    "x86_64": [
        "nodejs-12.22.11-11.oe2203sp3.x86_64.rpm",
        "nodejs-debuginfo-12.22.11-11.oe2203sp3.x86_64.rpm",
        "nodejs-debugsource-12.22.11-11.oe2203sp3.x86_64.rpm",
        "nodejs-devel-12.22.11-11.oe2203sp3.x86_64.rpm",
        "nodejs-full-i18n-12.22.11-11.oe2203sp3.x86_64.rpm",
        "nodejs-libs-12.22.11-11.oe2203sp3.x86_64.rpm",
        "npm-6.14.16-1.12.22.11.11.oe2203sp3.x86_64.rpm",
        "v8-devel-7.8.279.23-1.12.22.11.11.oe2203sp3.x86_64.rpm"
    ],
    "src": [
        "nodejs-12.22.11-11.oe2203sp3.src.rpm"
    ]
}