Intel

AIKIDO-2026-10030

node is vulnerable to Denial of Service (DoS)

Denial of Service (DoS)CVE-2025-59465 Published Jan 14, 2026

80

High Risk

This Affects:

OSnode
0.0.1 - 20.19.6
Fixed in 20.20.0
21.0.0 - 22.21.1
Fixed in 22.22.0
23.0.0 - 24.12.0
Fixed in 24.13.0
25.0.0 - 25.2.0
Fixed in 25.3.0
Are you affected? Scan for Free

TL;DR

Affected versions of the package are vulnerable to a crash due to improper handling of malformed HTTP/2 HEADERS frames containing oversized or invalid HPACK data. Such input can trigger an unhandled TLSSocket ECONNRESET error, causing the Node.js process to terminate instead of safely closing the connection, enabling a remote denial-of-service condition, particularly in applications without explicit secure socket error handlers.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

node is vulnerable to Denial of Service (DoS) in versions 25.0.0 - 25.2.0, 23.0.0 - 24.12.0, 21.0.0 - 22.21.1 and 0.0.1 - 20.19.6.

How to fix this

Upgrade the node library to a patch version.

Links

nodejs.org/en/blog/vulnerability/december-2025-security-releases#nodejs-http2-server-crashes-with-unhandled-error-when-receiving-malformed-headers-frame-cve-2025-59465---high
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases#nodejs-http2-server-crashes-with-unhandled-error-when-receiving-malformed-headers-frame-cve-2025-59465---high
nodejs.org/en/blog/vulnerability/december-2025-security-releases
https://nodejs.org/en/blog/vulnerability/december-2025-security-releases
access.redhat.com/errata/RHSA-2026:1842
https://access.redhat.com/errata/RHSA-2026:1842
access.redhat.com/errata/RHSA-2026:1843
https://access.redhat.com/errata/RHSA-2026:1843
access.redhat.com/errata/RHSA-2026:2420
https://access.redhat.com/errata/RHSA-2026:2420
access.redhat.com/errata/RHSA-2026:2421
https://access.redhat.com/errata/RHSA-2026:2421
access.redhat.com/errata/RHSA-2026:2422
https://access.redhat.com/errata/RHSA-2026:2422
access.redhat.com/errata/RHSA-2026:2767
https://access.redhat.com/errata/RHSA-2026:2767
access.redhat.com/errata/RHSA-2026:2768
https://access.redhat.com/errata/RHSA-2026:2768
access.redhat.com/errata/RHSA-2026:2781
https://access.redhat.com/errata/RHSA-2026:2781
access.redhat.com/errata/RHSA-2026:2782
https://access.redhat.com/errata/RHSA-2026:2782
access.redhat.com/errata/RHSA-2026:2783
https://access.redhat.com/errata/RHSA-2026:2783
access.redhat.com/errata/RHSA-2026:2864
https://access.redhat.com/errata/RHSA-2026:2864
access.redhat.com/errata/RHSA-2026:2899
https://access.redhat.com/errata/RHSA-2026:2899
access.redhat.com/errata/RHSA-2026:6402
https://access.redhat.com/errata/RHSA-2026:6402
access.redhat.com/errata/RHSA-2026:6431
https://access.redhat.com/errata/RHSA-2026:6431
access.redhat.com/errata/RHSA-2026:7386
https://access.redhat.com/errata/RHSA-2026:7386
access.redhat.com/errata/RHSA-2026:7387
https://access.redhat.com/errata/RHSA-2026:7387
access.redhat.com/security/cve/CVE-2025-59465
https://access.redhat.com/security/cve/CVE-2025-59465
bugzilla.redhat.com/show_bug.cgi?id=2431349
https://bugzilla.redhat.com/show_bug.cgi?id=2431349
security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59465.json