projects / nodejs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cab95b4) | patch
src: fix HTTP2 mem leak on premature close and ERR_PROTO
authorRafaelGSS <rafael.nunu@hotmail.com>
Tue, 17 Dec 2024 19:58:03 +0000 (16:58 -0300)
committerBastien Roucariès <rouca@debian.org>
Mon, 6 Apr 2026 14:18:52 +0000 (16:18 +0200)
commitf0a859821d55f9afbdb7250c5945b9b93be67715
treeb78fe960ca251c1db4fd2dd310aa4e32009aa195tree | snapshot
parentcab95b46786107d4a6053958c1218c46542d23a8commit | diff
src: fix HTTP2 mem leak on premature close and ERR_PROTO

This commit fixes a memory leak when the socket is
suddenly closed by the peer (without GOAWAY notification)
and when invalid header (by nghttp2) is identified and the
connection is terminated by peer.

Refs: https://hackerone.com/reports/2841362
PR-URL: https://github.com/nodejs-private/node-private/pull/650
Reviewed-By: James M Snell <jasnell@gmail.com>
CVE-ID: CVE-2025-23085
origin: https://github.com/nodejs/node/commit/6cc8d58e6f97c37c228f134bd9b98246c8871fb1

Gbp-Pq: Name CVE-2025-23085.patch
lib/internal/http2/core.js diff | blob | history
src/node_http2.cc diff | blob | history
test/parallel/test-http2-connect-method-extended-cant-turn-off.js diff | blob | history
test/parallel/test-http2-invalid-last-stream-id.js [new file with mode: 0644] blob
test/parallel/test-http2-options-max-headers-block-length.js diff | blob | history
test/parallel/test-http2-options-max-headers-exceeds-nghttp2.js diff | blob | history
test/parallel/test-http2-premature-close.js [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.