Unrated severityOSV Advisory· Published Jan 20, 2026· Updated Jan 21, 2026
CVE-2025-59464
CVE-2025-59464
Description
A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24- osv-coords22 versionspkg:apk/chainguard/nodejs-20pkg:apk/chainguard/nodejs-20-docpkg:apk/chainguard/nodejs-22pkg:apk/chainguard/nodejs-22-docpkg:apk/chainguard/nodejs-24pkg:apk/chainguard/nodejs-24-docpkg:apk/chainguard/nodejs-25pkg:apk/wolfi/nodejs-20pkg:apk/wolfi/nodejs-20-docpkg:apk/wolfi/nodejs-22pkg:apk/wolfi/nodejs-22-docpkg:apk/wolfi/nodejs-24pkg:apk/wolfi/nodejs-24-docpkg:apk/wolfi/nodejs-25pkg:bitnami/nodepkg:bitnami/node-minpkg:rpm/opensuse/nodejs24&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/nodejs24&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/nodejs26&distro=openSUSE%20Tumbleweedpkg:rpm/suse/nodejs24&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP7pkg:rpm/suse/nodejs24&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/nodejs24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 20.20.0-r0+ 21 more
- (no CPE)range: < 20.20.0-r0
- (no CPE)range: < 20.20.0-r0
- (no CPE)range: < 22.22.0-r0
- (no CPE)range: < 22.22.0-r0
- (no CPE)range: < 24.13.0-r0
- (no CPE)range: < 24.13.0-r0
- (no CPE)range: < 25.3.0-r0
- (no CPE)range: < 20.20.0-r0
- (no CPE)range: < 20.20.0-r0
- (no CPE)range: < 22.22.0-r0
- (no CPE)range: < 22.22.0-r0
- (no CPE)range: < 24.13.0-r0
- (no CPE)range: < 24.13.0-r0
- (no CPE)range: < 25.3.0-r0
- (no CPE)range: >= 24.0.0, < 24.12.0
- (no CPE)range: >= 24.0.0, < 24.12.0
- (no CPE)range: < 24.14.1-160000.1.1
- (no CPE)range: < 24.13.0-4.1
- (no CPE)range: < 26.3.1-1.1
- (no CPE)range: < 24.14.1-150700.15.8.1
- (no CPE)range: < 24.14.1-160000.1.1
- (no CPE)range: < 24.14.1-160000.1.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.