Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-w2pg-hw7v-f7m9

Опубликовано: 20 янв. 2026
Источник: github
Github: Не прошло ревью
CVSS3: 7.5

Описание

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets, for example:

server.on('secureConnection', socket => { socket.on('error', err => { console.log(err) }) })

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets, for example:

server.on('secureConnection', socket => { socket.on('error', err => { console.log(err) }) })

Ссылки

EPSS

Процентиль: 21%
0.00069
Низкий

7.5 High

CVSS3

CVE ID

CVE-2025-59465

Дефекты

CWE-400

Связанные уязвимости

ubuntu логотип

CVE-2025-59465

CVSS3: 7.5
ubuntu
2 месяца назад

A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets, for example: ``` server.on('secureConnection', socket => { socket.on('error', err => { console.log(err) }) }) ```

redhat логотип

CVE-2025-59465

CVSS3: 7.5
redhat
2 месяца назад

A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets, for example: ``` server.on('secureConnection', socket => { socket.on('error', err => { console.log(err) }) }) ```

nvd логотип

CVE-2025-59465

CVSS3: 7.5
nvd
2 месяца назад

A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets, for example: ``` server.on('secureConnection', socket => { socket.on('error', err => { console.log(err) }) }) ```

debian логотип

CVE-2025-59465

CVSS3: 7.5
debian
2 месяца назад

A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` dat ...

fstec логотип

BDU:2026-00547

CVSS3: 7.5
fstec
2 месяца назад

Уязвимость программной платформы Node.js, связанная с ошибкой обработки исключительных состояний, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 21%
0.00069
Низкий

7.5 High

CVSS3

CVE ID

CVE-2025-59465

Дефекты

CWE-400