
0Xmaxhax

#24430 of 53,630
9.8 Total CVSS
Vulnerabilities · 1
PT-2026-3360
9.8
2026-01-01
Node.Js · Node.Js · CVE-2026-21637
**Name of the Vulnerable Software and Affected Versions**

Node.js versions (affected versions not specified)

**Description**

A flaw in Node.js TLS error handling can allow remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths, potentially leading to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. The issue is related to incorrect cleanup or release of resources within the `pskCallback()` and `ALPNCallback()` functions.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
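
Since the description ties the issue to synchronous exceptions escaping `pskCallback` and `ALPNCallback`, application code can keep its own callbacks from throwing. The following is an added example, not code from this entry or from the Node.js project: the wrapper names, sample key and sample callbacks are hypothetical, and it assumes that an exception caught inside the callback never reaches the affected path. The fallback values (`undefined` for ALPN, `null` for PSK) are the documented ways to reject a handshake from these callbacks.

```javascript
// Added example. Wrapper names are hypothetical, sample data is constructed.
// Each wrapper converts a synchronous throw in the user callback into the
// documented "reject this handshake" return value, so nothing propagates.

function safeALPNCallback(select, onError = () => {}) {
  return ({ servername, protocols }) => {
    try {
      const chosen = select({ servername, protocols });
      // Node throws if the returned string was not offered by the client,
      // so anything else is mapped to undefined (fatal alert, no exception).
      return typeof chosen === 'string' && protocols.includes(chosen) ? chosen : undefined;
    } catch (err) {
      onError('ALPNCallback', err);
      return undefined;
    }
  };
}

function safePskCallback(lookup, onError = () => {}) {
  return (socket, identity) => {
    try {
      const psk = lookup(socket, identity);
      // Only a non-empty binary key is passed on; null stops PSK negotiation.
      return ArrayBuffer.isView(psk) && psk.byteLength > 0 ? psk : null;
    } catch (err) {
      onError('pskCallback', err);
      return null;
    }
  };
}

// Constructed sample callbacks that throw on unexpected client input.
const KEYS = new Map([['device-1', Buffer.from('00112233445566778899aabbccddeeff', 'hex')]]);
const lookupKey = (_socket, identity) => {
  if (!KEYS.has(identity)) throw new Error('unknown identity');
  return KEYS.get(identity);
};
const pickProtocol = ({ protocols }) => {
  if (!protocols.includes('h2')) throw new Error('no supported protocol');
  return 'h2';
};

const errors = [];
const record = (where, err) => errors.push(`${where}: ${err.message}`);
const tlsOptions = {
  ALPNCallback: safeALPNCallback(pickProtocol, record),
  pskCallback: safePskCallback(lookupKey, record),
};
// Pass tlsOptions (plus ciphers and keys as needed) to tls.createServer().
```

The `onError` hook is where a server would count rejected handshakes per peer, which makes repeated triggering visible in monitoring.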