Unrated severity · OSV Advisory · Published Jan 20, 2026 · Updated Jan 21, 2026
CVE-2025-59465
Description
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled `TLSSocket` error, `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets. An explicit handler looks like this, for example:

```js
// Attach an 'error' listener to every TLS socket the server accepts.
server.on('secureConnection', socket => {
  socket.on('error', err => {
    console.log(err)
  })
})
```
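The effect of such a handler, as an added example that is not part of the advisory or of Node.js itself: `guardSecureSockets`, `makeStubSocket` and `simulateReset` are hypothetical names, and plain `EventEmitter` objects stand in for the secure server and the `TLSSocket` so the sketch runs without certificates or a network. It delivers a constructed `ECONNRESET` to an accepted socket with and without the listener attached.

```javascript
const { EventEmitter } = require('node:events');

// Attach an 'error' listener to every TLS socket the server accepts, so a
// socket-level error (such as ECONNRESET) is handled instead of being thrown.
function guardSecureSockets(server, onError = () => {}) {
  server.on('secureConnection', (socket) => {
    socket.on('error', (err) => {
      onError(err);
      if (!socket.destroyed) socket.destroy(); // drop only this connection
    });
  });
  return server;
}

// Constructed stand-in for a TLSSocket: an EventEmitter with destroy().
function makeStubSocket() {
  const socket = new EventEmitter();
  socket.destroyed = false;
  socket.destroy = () => { socket.destroyed = true; };
  return socket;
}

// Deliver a constructed ECONNRESET to one accepted socket and report the result.
function simulateReset(guarded) {
  const server = new EventEmitter(); // constructed stand-in for the secure server
  const seen = [];
  if (guarded) guardSecureSockets(server, (err) => seen.push(err.code));
  const socket = makeStubSocket();
  server.emit('secureConnection', socket);
  const err = Object.assign(new Error('read ECONNRESET'), { code: 'ECONNRESET' });
  try {
    socket.emit('error', err);
  } catch (thrown) {
    // With no 'error' listener, emit() throws the error; in a live process
    // that is the uncaught exception that terminates Node.js.
    return { outcome: 'would-crash', code: thrown.code, destroyed: socket.destroyed };
  }
  return { outcome: 'handled', code: seen[0], destroyed: socket.destroyed };
}

console.log(simulateReset(false)); // no listener attached
console.log(simulateReset(true));  // listener attached via guardSecureSockets
```

On a real server, pass the object returned by `tls.createServer()`, `https.createServer()` or `http2.createSecureServer()` to `guardSecureSockets` and log the error in the callback.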
Affected products
osv-coords (51 versions):
- pkg:apk/chainguard/nodejs-20 (no CPE), range: < 20.20.0-r0
- pkg:apk/chainguard/nodejs-20-doc (no CPE), range: < 20.20.0-r0
- pkg:apk/chainguard/nodejs-22 (no CPE), range: < 22.22.0-r0
- pkg:apk/chainguard/nodejs-22-doc (no CPE), range: < 22.22.0-r0
- pkg:apk/chainguard/nodejs-24 (no CPE), range: < 24.13.0-r0
- pkg:apk/chainguard/nodejs-24-doc (no CPE), range: < 24.13.0-r0
- pkg:apk/chainguard/nodejs-25 (no CPE), range: < 25.3.0-r0
- pkg:apk/wolfi/nodejs-20 (no CPE), range: < 20.20.0-r0
- pkg:apk/wolfi/nodejs-20-doc (no CPE), range: < 20.20.0-r0
- pkg:apk/wolfi/nodejs-22 (no CPE), range: < 22.22.0-r0
- pkg:apk/wolfi/nodejs-22-doc (no CPE), range: < 22.22.0-r0
- pkg:apk/wolfi/nodejs-24 (no CPE), range: < 24.13.0-r0
- pkg:apk/wolfi/nodejs-24-doc (no CPE), range: < 24.13.0-r0
- pkg:apk/wolfi/nodejs-25 (no CPE), range: < 25.3.0-r0
- pkg:bitnami/node (no CPE), range: < 20.20.0
- pkg:bitnami/node-min (no CPE), range: < 20.20.0
- pkg:rpm/almalinux/nodejs (no CPE), range: < 1:24.13.0-0.module_el8.10.0+4113+bc863bc2
- pkg:rpm/almalinux/nodejs24 (no CPE), range: < 1:24.13.0-1.el10_1
- pkg:rpm/almalinux/nodejs24-devel (no CPE), range: < 1:24.13.0-1.el10_1
- pkg:rpm/almalinux/nodejs24-docs (no CPE), range: < 1:24.13.0-1.el10_1
- pkg:rpm/almalinux/nodejs24-full-i18n (no CPE), range: < 1:24.13.0-1.el10_1
- pkg:rpm/almalinux/nodejs24-libs (no CPE), range: < 1:24.13.0-1.el10_1
- pkg:rpm/almalinux/nodejs24-npm (no CPE), range: < 1:11.6.2-1.24.13.0.1.el10_1
- pkg:rpm/almalinux/nodejs-devel (no CPE), range: < 1:24.13.0-0.module_el8.10.0+4113+bc863bc2
- pkg:rpm/almalinux/nodejs-docs (no CPE), range: < 1:22.22.0-3.el10_1
- pkg:rpm/almalinux/nodejs-full-i18n (no CPE), range: < 1:24.13.0-0.module_el8.10.0+4113+bc863bc2
- pkg:rpm/almalinux/nodejs-libs (no CPE), range: < 1:24.13.0-0.module_el8.10.0+4113+bc863bc2
- pkg:rpm/almalinux/nodejs-nodemon (no CPE), range: < 3.0.3-1.module_el8.10.0+4061+f8ceeab9
- pkg:rpm/almalinux/nodejs-npm (no CPE), range: < 1:10.9.4-1.22.22.0.3.el10_1
- pkg:rpm/almalinux/nodejs-packaging (no CPE), range: < 2021.06-6.module_el8.10.0+4086+70facd4a
- pkg:rpm/almalinux/nodejs-packaging-bundler (no CPE), range: < 2021.06-6.module_el8.10.0+4086+70facd4a
- pkg:rpm/almalinux/npm (no CPE), range: < 1:11.6.2-1.24.13.0.0.module_el8.10.0+4113+bc863bc2
- pkg:rpm/almalinux/v8-12.4-devel (no CPE), range: < 3:12.4.254.21-1.22.22.0.1.module_el8.10.0+4112+db1af44b
- pkg:rpm/almalinux/v8-13.6-devel (no CPE), range: < 3:13.6.233.17-1.24.13.0.0.module_el8.10.0+4113+bc863bc2
- pkg:rpm/opensuse/nodejs20&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 20.20.0-150600.3.15.1
- pkg:rpm/opensuse/nodejs22&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 22.22.0-150600.13.12.1
- pkg:rpm/opensuse/nodejs22&distro=openSUSE%20Leap%2016.0 (no CPE), range: < 22.22.0-160000.1.1
- pkg:rpm/opensuse/nodejs22&distro=openSUSE%20Tumbleweed (no CPE), range: < 22.22.0-1.1
- pkg:rpm/opensuse/nodejs24&distro=openSUSE%20Tumbleweed (no CPE), range: < 24.13.0-1.1
- pkg:rpm/opensuse/nodejs26&distro=openSUSE%20Tumbleweed (no CPE), range: < 26.3.1-1.1
- pkg:rpm/suse/nodejs20&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE), range: < 20.20.0-150500.11.24.1
- pkg:rpm/suse/nodejs20&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE), range: < 20.20.0-150500.11.24.1
- pkg:rpm/suse/nodejs20&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE), range: < 20.20.0-150500.11.24.1
- pkg:rpm/suse/nodejs20&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS (no CPE), range: < 20.20.0-150600.3.15.1
- pkg:rpm/suse/nodejs20&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE), range: < 20.20.0-150500.11.24.1
- pkg:rpm/suse/nodejs20&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6 (no CPE), range: < 20.20.0-150600.3.15.1
- pkg:rpm/suse/nodejs22&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP7 (no CPE), range: < 22.22.0-150700.3.6.1
- pkg:rpm/suse/nodejs22&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS (no CPE), range: < 22.22.0-150600.13.12.1
- pkg:rpm/suse/nodejs22&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 (no CPE), range: < 22.22.0-160000.1.1
- pkg:rpm/suse/nodejs22&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6 (no CPE), range: < 22.22.0-150600.13.12.1
- pkg:rpm/suse/nodejs22&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 (no CPE), range: < 22.22.0-160000.1.1