8 matches found
EUVD-2026-11703
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client...
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
Impact A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24....
GHSA-F269-VFMQ-VJVJ Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
Impact A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24....
CVE-2026-1528
ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...
Uncaught Exception
Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Uncaught Exception in the ByteParser when handling a specially crafted WebSocket frame with an extremely large 64-bit length. An attacker can cause the process to termina...
CVE-2026-1528 undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client
ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...
undici 安全漏洞
Undici is an open-source HTTP/1.1 client developed by Node.js. There is a security vulnerability in Undici, which stems from ByteParser’s internal mathematical operation overflow when processing WebSocket frames that use 64-bit length formats and have extremely large lengths. This could lead to t...
PT-2026-25075
Name of the Vulnerable Software and Affected Versions undici versions prior to 7.24.0 undici versions prior to 6.24.0 Description A server can respond with a WebSocket frame utilizing the 64-bit length format and an excessively large length value. The ByteParser component within undici experience...