- Description
- A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
- Source
- support@hackerone.com
- NVD status
- Received
CVSS 3.0
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-401
- Hype score
- Not currently trending
CVE-2025-23085 A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nght… https://t.co/oU9Mbag5dH
@CVEnew
7 Feb 2025
396 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23085 nodejs https://t.co/f1cfPjEtgU
@VulmonFeeds
28 Jan 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[#KUSANAGI9 Updated!] KUSANAGI 9 Module Update KUSANAGI 9 modules have been updated. The updated modules are as follows: nodejs 18.20.6-1 This update includes support for vulnerability(CVE-2025-23085, CVE-2025-23084,... https://t.co/6IiNTOqAmN #KUSANAGI #KUSANAGI9
@kusanagi_saya
24 Jan 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes