Node.js OpenSSL Integration Memory Leak Vulnerability Leading to Denial-of-Service

Vulnerability

A memory leak vulnerability has been identified in Node.js's integration with OpenSSL. This issue arises when X.509 certificate fields are converted to UTF-8 without properly freeing the allocated memory. As a result, applications that process TLS client certificates can experience a gradual increase in memory usage, triggered by remote clients through repeated TLS connections. Over time, this memory leak can cause resource exhaustion, leading to a denial-of-service condition.

Impact

The leak can be triggered remotely by repeatedly opening TLS connections to an application that processes client certificates, leading to resource exhaustion and a denial-of-service condition.

Remediation

This vulnerability has been fixed in Node.js version 24.12.0. Users should upgrade to this version or a later release in the 24.x line.
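Two defender-side checks that follow from the Vulnerability and Remediation sections above, written as an added example (not code from the advisory or from the Node.js project): a version check that applies the stated fix boundary of 24.12.0 within the 24.x line, and a least-squares trend on RSS versus completed TLS connections so a monitor can distinguish the steady growth described above from ordinary jitter. The alert threshold, the sample data and the function names are assumptions for illustration.

```javascript
// Added example, not from the advisory or Node.js itself.
// isAffectedVersion(): applies the advisory's fix boundary (24.12.0) to a Node.js
// version string; versions outside the 24.x line are reported as "unknown" because
// the advisory says nothing about them.
function isAffectedVersion(versionString) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(versionString);
  if (!m) throw new Error(`unrecognized version: ${versionString}`);
  const major = Number(m[1]);
  const minor = Number(m[2]);
  if (major !== 24) return "unknown";        // advisory only covers the 24.x line
  return minor < 12 ? "affected" : "fixed";  // fixed in 24.12.0 and later 24.x
}

// samples: [{ connections: <TLS handshakes completed so far>, rss: <bytes> }, ...]
// Returns the least-squares slope of RSS against connection count (bytes/connection),
// which grows steadily under a per-connection leak but stays near zero otherwise.
function leakSlopeBytesPerConn(samples) {
  const n = samples.length;
  if (n < 2) throw new Error("need at least two samples");
  let sx = 0, sy = 0, sxx = 0, sxy = 0;
  for (const { connections: x, rss: y } of samples) {
    sx += x; sy += y; sxx += x * x; sxy += x * y;
  }
  const denom = n * sxx - sx * sx;
  if (denom === 0) throw new Error("connection counts must vary");
  return (n * sxy - sx * sy) / denom;
}

// Flag when memory grows by more than thresholdBytesPerConn for every connection.
// 512 bytes/connection is an assumed threshold; tune it against a known-good baseline.
function leakSuspected(samples, thresholdBytesPerConn = 512) {
  return leakSlopeBytesPerConn(samples) > thresholdBytesPerConn;
}

// Constructed samples: RSS climbing roughly 2 KiB per client-cert connection (leak-like).
const LEAKING = [
  { connections: 0, rss: 60_000_000 },
  { connections: 1000, rss: 62_000_000 },
  { connections: 2000, rss: 64_100_000 },
  { connections: 3000, rss: 66_000_000 },
];
// Constructed samples: RSS jittering around a flat baseline (healthy).
const STABLE = [
  { connections: 0, rss: 60_000_000 },
  { connections: 1000, rss: 60_300_000 },
  { connections: 2000, rss: 59_900_000 },
  { connections: 3000, rss: 60_100_000 },
];

console.log(`running Node ${process.version}: ${isAffectedVersion(process.version)}`);
console.log(`leak-like series flagged: ${leakSuspected(LEAKING)}, stable: ${leakSuspected(STABLE)}`);
```

In a real deployment the samples would come from periodic `process.memoryUsage().rss` readings paired with a connection counter incremented in the TLS server's `secureConnection` handler.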

Added: Jan 20, 2026, 9:28 PM
Updated: Jan 20, 2026, 9:28 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          7.8
impact          2.5
exploitability  4.7
remediation     7.7
relevance       2.2
threat          0.0
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.