cvedb.io
CVE-2025-59464
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-01-20T21:16:03.900 · Last modified 2026-06-17T09:46:12.450

Summary

A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.

Affected products

nodejs — node.js

Does this affect you?

Add your gear to cvedb and we'll alert you only when nodejs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.