Unrated severityOSV Advisory· Published Jan 20, 2026· Updated Jan 21, 2026

CVE-2025-59464

Description

A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.

Affected products

Node.js/Node.jsOSV
Range: v24.0.0, v24.0.1, v24.0.2, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

nodejs.org/en/blog/vulnerability/december-2025-security-releasesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000