CVE-2025-59465

ADVISORY - nist

Summary

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets, for example:

server.on('secureConnection', socket => {
  socket.on('error', err => {
    console.log(err)
  })
})

EPSS Score⁠: 0.00076 (0.228)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-400⁠

Uncontrolled Resource Consumption

ADVISORY - redhat

CWE-248⁠

Uncaught Exception

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.