CVE-2025-23085

MEDIUM Year: 2025
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-401
View all →

Vulnerability Description

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.

Related Vulnerabilities

CVE-2019-12265

MEDIUM
CVSS:5.3(Medium)

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership ...

CWE-4012019

CVE-2019-4141

MEDIUM
CVSS:5.3(Medium)

IBM MQ 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.9, 8.0.0.0 - 8.0.0.11, 9.0.0.0 - 9.0.0.6, 9.1.0.0 - 9.1.0.2, and 9.1.1 - 9.1.2 is vulnerable to a denial of service attack caused by a memory leak in the clus...

CWE-4012019

CVE-2019-6647

MEDIUM
CVSS:5.3(Medium)

On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, 12.1.0-12.1.4.1, 11.5.2-11.6.4, when processing authentication attempts for control-plane users MCPD leaks a small amount of memory. Under ra...

CWE-4012019

CVE-2020-26418

MEDIUM
CVSS:5.3(Medium)

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

CWE-4012020

CVE-2020-26419

MEDIUM
CVSS:5.3(Medium)

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.

CWE-4012020

CVE-2020-26420

MEDIUM
CVSS:5.3(Medium)

Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

CWE-4012020