Bug 2431343 (CVE-2025-59466) - CVE-2025-59466 nodejs: Nodejs denial of service
Summary: CVE-2025-59466 nodejs: Nodejs denial of service
Keywords:
Status: NEW
Alias: CVE-2025-59466
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2431464 2431465 2431466 2431467 2431468 2431469 2431470
Blocks:
Reported: 2026-01-20 21:02 UTC by OSIDB Bzimport
Modified: 2026-02-17 11:23 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2026:2447 | 0 | None | None | None | 2026-02-10 14:22:52 UTC
Red Hat Product Errata | RHBA-2026:2815 | 0 | None | None | None | 2026-02-17 11:23:57 UTC
Red Hat Product Errata | RHSA-2026:1842 | 0 | None | None | None | 2026-02-05 15:58:39 UTC
Red Hat Product Errata | RHSA-2026:1843 | 0 | None | None | None | 2026-02-05 15:58:30 UTC
Red Hat Product Errata | RHSA-2026:2420 | 0 | None | None | None | 2026-02-10 12:45:42 UTC
Red Hat Product Errata | RHSA-2026:2421 | 0 | None | None | None | 2026-02-10 12:45:11 UTC
Red Hat Product Errata | RHSA-2026:2422 | 0 | None | None | None | 2026-02-10 12:44:53 UTC
Red Hat Product Errata | RHSA-2026:2781 | 0 | None | None | None | 2026-02-17 09:25:18 UTC
Red Hat Product Errata | RHSA-2026:2782 | 0 | None | None | None | 2026-02-17 09:26:16 UTC
Red Hat Product Errata | RHSA-2026:2783 | 0 | None | None | None | 2026-02-17 09:25:35 UTC

Description OSIDB Bzimport 2026-01-20 21:02:10 UTC
We have identified a bug in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.
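
A mitigation sketch added here, not code from this bug report or from Node.js: because the description says the stack-overflow error may never reach a handler while `AsyncLocalStorage` or `async_hooks.createHook()` is active, the example rejects over-deep untrusted input with an ordinary, catchable error before the stack can be exhausted. `MAX_DEPTH`, `countLeaves`, `handlePayload` and `nested` are hypothetical names, and the limit of 64 is an assumed value.

```javascript
const { AsyncLocalStorage } = require('node:async_hooks');

const MAX_DEPTH = 64; // assumed limit; tune per application
const requestContext = new AsyncLocalStorage();

class DepthLimitError extends Error {}

// Recursively count leaf values, refusing input nested deeper than MAX_DEPTH.
// The guard throws an ordinary Error long before V8's stack limit is reached,
// so nothing depends on catching "Maximum call stack size exceeded".
function countLeaves(node, depth = 0) {
  if (depth > MAX_DEPTH) throw new DepthLimitError(`nesting exceeds ${MAX_DEPTH}`);
  if (node === null || typeof node !== 'object') return 1;
  let total = 0;
  for (const child of Object.values(node)) total += countLeaves(child, depth + 1);
  return total;
}

// Hypothetical request handler. It runs inside AsyncLocalStorage, which is the
// configuration the description names as affected.
function handlePayload(payload, requestId) {
  return requestContext.run({ requestId }, () => {
    try {
      return { ok: true, leaves: countLeaves(payload) };
    } catch (err) {
      if (err instanceof DepthLimitError) return { ok: false, reason: err.message };
      throw err; // anything else is a real bug and should surface
    }
  });
}

// Constructed sample input, built with a loop so that building it never recurses.
function nested(levels) {
  let value = 'leaf';
  for (let i = 0; i < levels; i++) value = { child: value };
  return value;
}

console.log(handlePayload({ a: 1, b: [2, 3, { c: 4 }] }, 'req-1')); // accepted
console.log(handlePayload(nested(100000), 'req-2'));                // rejected
```

The depth guard complements, and does not replace, installing the errata listed in the comments below.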

Comment 2 errata-xmlrpc 2026-02-05 15:58:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:1843 https://access.redhat.com/errata/RHSA-2026:1843

Comment 3 errata-xmlrpc 2026-02-05 15:58:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:1842 https://access.redhat.com/errata/RHSA-2026:1842

Comment 4 errata-xmlrpc 2026-02-10 12:44:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:2422 https://access.redhat.com/errata/RHSA-2026:2422

Comment 5 errata-xmlrpc 2026-02-10 12:45:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:2421 https://access.redhat.com/errata/RHSA-2026:2421

Comment 6 errata-xmlrpc 2026-02-10 12:45:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:2420 https://access.redhat.com/errata/RHSA-2026:2420

Comment 7 errata-xmlrpc 2026-02-17 09:25:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:2781 https://access.redhat.com/errata/RHSA-2026:2781

Comment 8 errata-xmlrpc 2026-02-17 09:25:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:2783 https://access.redhat.com/errata/RHSA-2026:2783

Comment 9 errata-xmlrpc 2026-02-17 09:26:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:2782 https://access.redhat.com/errata/RHSA-2026:2782

