CVE-2025-23085
CVE-2025-23085
Título es
CVE-2025-23085
Vie, 07/02/2025 – 07:15
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-23085
Descripción en
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.
This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
07/02/2025
07/02/2025
Vector CVSS:3.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Gravedad 3.1 (CVSS 3.1 Base Score)
5.30
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM
Enviar en el boletín
Off
