Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-23085

Опубликовано: 07 фев. 2025
Источник: debian
EPSS Низкий

Описание

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
nodejsfixed20.18.2+dfsg-1package

Примечания

  • https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#goaway-http2-frames-cause-memory-leak-outside-heap-cve-2025-23085---medium

  • Fixed by: https://github.com/nodejs/node/commit/3c7686163ed4c6ae3e5901b758b7a7d4fd5bb0c0 (v23.6.1)

  • Fixed by: https://github.com/nodejs/node/commit/6cc8d58e6f97c37c228f134bd9b98246c8871fb1 (v18.20.6)

EPSS

Процентиль: 26%
0.00086
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-23085

CVSS3: 5.3
ubuntu
4 месяца назад

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.

redhat логотип

CVE-2025-23085

CVSS3: 5.3
redhat
5 месяцев назад

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.

nvd логотип

CVE-2025-23085

CVSS3: 5.3
nvd
4 месяца назад

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.

msrc логотип

CVE-2025-23085

CVSS3: 5.3
msrc
4 месяца назад

Описание отсутствует

github логотип

GHSA-qv9x-c8c9-rpr8

CVSS3: 5.3
github
4 месяца назад

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.

EPSS

Процентиль: 26%
0.00086
Низкий