ELA-1338-1 nodejs security update

memory exhaustion denial of service

2025-03-02
Package: nodejs
Version: 10.24.0~dfsg-1~deb10u5 (buster)
Related CVEs: CVE-2025-23085


A vulnerability was fixed in Node.js, a popular JavaScript runtime implementation.

A memory leak could occur when a remote peer (client) abruptly closes an HTTP/2 socket without sending a GOAWAY notification. Additionally, the same leak could be triggered if an invalid header is detected by nghttp2, causing the connection to be terminated by the peer.

This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects Node.js HTTP/2 Server users.



For Debian 10 buster, these problems have been fixed in version 10.24.0~dfsg-1~deb10u5.

We recommend that you upgrade your nodejs packages.
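
To find hosts that still need the upgrade, the following added example (not part of the advisory or of Debian's tooling) compares collected package versions against the fixed version using Debian's version ordering, reimplemented here in Python. The host names, the `<host> <package> <version>` inventory format and the sample versions are constructed assumptions; on a single host the version can be read with `dpkg-query -W nodejs`.

```python
import re

FIXED = "10.24.0~dfsg-1~deb10u5"  # fixed buster version, from the advisory

def _order(ch):
    # '~' sorts before everything, even end of string; letters before punctuation.
    return -1 if ch == "~" else ord(ch) + (0 if ch.isalpha() else 256)

def _cmp_fragment(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character (digit or end counts as 0).
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            x = _order(a[i]) if i < len(a) and not a[i].isdigit() else 0
            y = _order(b[j]) if j < len(b) and not b[j].isdigit() else 0
            if x != y:
                return -1 if x < y else 1
            i, j = i + 1, j + 1
        # Digit run: compare numerically, so "u10" is newer than "u5".
        da, db = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def _parse(version):
    # Split "[epoch:]upstream[-revision]" into its three parts.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_compare(a, b):
    # Returns -1, 0 or 1 following Debian version ordering.
    (ea, ua, ra), (eb, ub, rb) = _parse(a), _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def needs_upgrade(inventory, fixed=FIXED):
    """Hosts whose nodejs package is older than the fixed version."""
    rows = (line.split() for line in inventory)
    return [h for h, pkg, ver in rows if pkg == "nodejs" and deb_compare(ver, fixed) < 0]

# Constructed sample inventory: "<host> <package> <version>" per entry.
SAMPLE = ["web1 nodejs 10.24.0~dfsg-1~deb10u4", "web2 nodejs 10.24.0~dfsg-1~deb10u5",
          "web3 nodejs 10.24.0~dfsg-1~deb10u1", "web4 nodejs 10.24.0~dfsg-1~deb10u10"]
if __name__ == "__main__":
    print(needs_upgrade(SAMPLE))
```

A plain string comparison would wrongly flag the `deb10u10` entry as older than `deb10u5`, which is why the digit runs are compared numerically.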

Further information about Extended LTS security advisories can be found in the dedicated section of our website.