
[meta-OE,scarthgap,5/5] Nodejs 20.18.2: Fix CVE-2025-59465

Message ID 20260212052114.3215220-5-adongare@cisco.com
State New
Series [meta-OE,scarthgap,1/5] Nodejs 20.18.2: Fix CVE-2025-55132 | expand

Commit Message

From: Anil Dongare <adongare@cisco.com>

Upstream Repository: https://github.com/nodejs/node.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-59465
Type: Security Fix
CVE: CVE-2025-59465
Score: 7.5
Patch: https://github.com/nodejs/node/commit/eb8e41f8dbe6

Signed-off-by: Anil Dongare <adongare@cisco.com>
---
 .../nodejs/nodejs/CVE-2025-59465.patch        | 49 +++++++++++++++++++
 .../recipes-devtools/nodejs/nodejs_20.18.2.bb |  1 +
 2 files changed, 50 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/nodejs/nodejs/CVE-2025-59465.patch

Patch

diff --git a/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2025-59465.patch b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2025-59465.patch
new file mode 100644
index 0000000000..81d64609c3
--- /dev/null
+++ b/meta-oe/recipes-devtools/nodejs/nodejs/CVE-2025-59465.patch
@@ -0,0 +1,49 @@ 
+From 27ddb91569c1bd9c72dbc557e53458b9ebfbc573 Mon Sep 17 00:00:00 2001
+From: RafaelGSS <rafael.nunu@hotmail.com>
+Date: Fri, 31 Oct 2025 16:27:48 -0300
+Subject: [PATCH 5/6] lib: add TLSSocket default error handler
+
+This prevents the server from crashing due to an unhandled rejection
+when a TLSSocket connection is abruptly destroyed during initialization
+and the user has not attached an error handler to the socket.
+e.g:
+
+```js
+const server = http2.createSecureServer({ ... })
+server.on('secureConnection', socket => {
+  socket.on('error', err => {
+    console.log(err)
+  })
+})
+```
+
+PR-URL: https://github.com/nodejs-private/node-private/pull/797
+Fixes: https://github.com/nodejs/node/issues/44751
+Refs: https://hackerone.com/bugs?subject=nodejs&report_id=3262404
+Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
+Reviewed-By: Anna Henningsen <anna@addaleax.net>
+CVE-ID: CVE-2025-59465
+
+CVE: CVE-2025-59465
+Upstream-Status: Backport [https://github.com/nodejs/node/commit/eb8e41f8dbe6]
+
+(cherry picked from commit eb8e41f8dbe6de127fb11baca725e1b469612434)
+Signed-off-by: Anil Dongare <adongare@cisco.com>
+---
+ lib/_tls_wrap.js | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
+index c3e48a6cbc8..d9c7e32174d 100644
+--- a/lib/_tls_wrap.js
++++ b/lib/_tls_wrap.js
+@@ -1268,6 +1268,7 @@ function tlsConnectionListener(rawSocket) {
+   socket[kErrorEmitted] = false;
+   socket.on('close', onSocketClose);
+   socket.on('_tlsError', onSocketTLSError);
++  socket.on('error', onSocketTLSError);
+ }
+
+ // AUTHENTICATION MODES
+--
+2.43.7
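Review bot: The backported patch carries only the one-line change in `tlsConnectionListener` (`socket.on('error', onSocketTLSError);`) and no regression test, so nothing in this series shows that the fix takes effect on 20.18.2. If the upstream commit included a test, either carry it along or say in the patch header that it was dropped. Both `onSocketTLSError` and the start of `tlsConnectionListener` lie outside the hunk, so how the handler treats errors raised after the handshake cannot be checked from here. If it only forwards to the server's `tlsClientError` event during connection setup, later socket errors with no user handler would presumably be dropped silently instead of surfacing. That deserves a sentence in the commit message, for example `Servers should listen for 'tlsClientError' to keep visibility of aborted TLS connections.`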
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_20.18.2.bb b/meta-oe/recipes-devtools/nodejs/nodejs_20.18.2.bb
index 68eb40bc1d..b1c9057557 100644
--- a/meta-oe/recipes-devtools/nodejs/nodejs_20.18.2.bb
+++ b/meta-oe/recipes-devtools/nodejs/nodejs_20.18.2.bb
@@ -33,6 +33,7 @@  SRC_URI = "http://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz \
            file://CVE-2025-55130.patch \
            file://CVE-2025-59466.patch \
            file://CVE-2026-21637.patch \
+           file://CVE-2025-59465.patch \
            "
 SRC_URI:append:class-target = " \
            file://0001-Using-native-binaries.patch \