Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-59464

A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.

Published

2026-01-20T21:16:03.900

Last Modified

2026-01-30T20:26:26.333

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nodejs	node.js	< 24.12.0	Yes

References

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases Release Notes, Vendor Advisory ([email protected])