Aikido Intel
Secure My Code
Intel

AIKIDO-2026-10032

node is vulnerable to Denial of Service (DoS)

Denial of Service (DoS)CVE-2025-59464 Published Jan 14, 2026

50

Medium Risk

This Affects:

OSnode
0.0.1 - 20.19.6
Fixed in 20.20.0
21.0.0 - 22.21.1
Fixed in 22.22.0
23.0.0 - 24.12.0
Fixed in 24.13.0
25.0.0 - 25.2.0
Fixed in 25.3.0
Are you affected? Scan for Free

TL;DR

Affected versions of the package are vulnerable to a denial-of-service condition due to a memory leak in Node.js’s OpenSSL integration. When converting X.509 certificate fields to UTF-8, allocated buffers are not freed, causing each call to socket.getPeerCertificate(true) to leak memory. A remote client can exploit this by repeatedly establishing TLS connections, leading to unbounded memory growth and eventual resource exhaustion.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

node is vulnerable to Denial of Service (DoS) in versions 25.0.0 - 25.2.0, 23.0.0 - 24.12.0, 21.0.0 - 22.21.1 and 0.0.1 - 20.19.6.

How to fix this

Upgrade the node library to a patch version.

Links

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Scan for Free
Book a Demo

Free. No credit card required.

Aikido Platform
Subscribe
Stay up to date with all updates
LinkedIn YouTube X
© 2026 Aikido Security BV | BE0792914919
Ghent, Belgium | San Francisco, US
SOC 2SOC 2Compliant
ISO 27001ISO 27001Compliant
Get Security Done