BIT-node-2025-59464

BIT-node-2025-59464 PUBLISHED CVSS 7.5 HIGH

A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Bitnami	node	24.0.0, 24.0.0, 24.0.0

Timeline

Jan 26, 2026 CVE Published
Jan 31, 2026 CVE Updated

References

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases url
https://nvd.nist.gov/vuln/detail/CVE-2025-59464 url

Open in Interactive Console →