PT-2025-54579 · OpenSSL+1

Published: 2025-01-01 · Updated: 2026-04-13 · CVE-2025-59464

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Node.js version 24

Description

A memory leak exists in Node.js’s OpenSSL integration when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. Calling socket.getPeerCertificate(true) causes a memory leak for each certificate field, potentially leading to resource exhaustion and a denial of service through repeated TLS connections. The socket.getPeerCertificate(true) function is involved in the issue.

Recommendations

Update to a newer version that contains a fix for this vulnerability.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BIT-NODE-2025-59464
BIT-NODE-MIN-2025-59464
CVE-2025-59464
OPENSUSE-SU-2026:10311-1
OPENSUSE-SU-2026:20519-1
RHSA-2026:6402
RHSA-2026:6431
RHSA-2026:7378
RHSA-2026:7386
RHSA-2026:7387
RHSA-2026:7657
SUSE-SU-2026:1299-1
SUSE-SU-2026:21181-1

Affected Products

Node.js
OpenSSL