CVE-2025-59466

Опубликовано: 20 янв. 2026

Источник: ubuntu

Приоритет: medium

CVSS3: 7.5

Описание

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when async_hooks.createHook() is enabled. Instead of reaching process.on('uncaughtException'), the process terminates, making the crash unrecoverable. Applications that rely on AsyncLocalStorage (v22, v20) or async_hooks.createHook() (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
esm-infra-legacy/trusty	needs-triage
jammy	needs-triage
noble	needs-triage
plucky	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

7.5 High

CVSS3

Связанные уязвимости

CVE-2025-59466

CVSS3: 7.5

nvd

14 дней назад

We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.

CVE-2025-59466

CVSS3: 7.5

debian

14 дней назад

We have identified a bug in Node.js error handling where "Maximum call ...

GHSA-52xj-vx8w-46qj

CVSS3: 5.9

github

14 дней назад

BDU:2026-00456

CVSS3: 7.5

fstec

22 дня назад

Уязвимость функции createHook() модуля async_hooks программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании

SUSE-SU-2026:0301-1

suse-cvrf

8 дней назад

Security update for nodejs22

7.5 High

CVSS3

CVE-2025-59466

Описание

Пакет nodejs

Ссылки на источники

Связанные уязвимости