8 matches found

EUVD
added 2026/03/13 8:7 p.m. | 2 views

EUVD-2026-11703

Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client...

7.5 CVSS | 5.8 AI score | 0.00488 EPSS
Exploits 0 | References 4
Github Security Blog
added 2026/03/13 8:7 p.m. | 9 views

Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client

Impact A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24....

7.5 CVSS | 5.8 AI score | 0.00488 EPSS
Exploits 0 | References 5 | Affected Software 1
OSV
added 2026/03/13 8:7 p.m. | 5 views

GHSA-F269-VFMQ-VJVJ Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client

Impact A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24....

7.5 CVSS | 5.8 AI score | 0.00488 EPSS
Exploits 0 | References 5
UbuntuCve
added 2026/03/12 9:16 p.m. | 5 views

CVE-2026-1528

Impact A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5 CVSS | 7.1 AI score | 0.00488 EPSS
Exploits 0 | References 1
Snyk
added 2026/03/12 8:21 p.m. | 3 views

Uncaught Exception

Overview undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Uncaught Exception in the ByteParser when handling a specially crafted WebSocket frame with an extremely large 64-bit length. An attacker can cause the process to termina...

8.7 CVSS | 5.8 AI score | 0.00488 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/03/12 8:21 p.m. | 2 views

CVE-2026-1528 undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client

Impact A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5 CVSS | 5.8 AI score | 0.00488 EPSS
Exploits 0 | References 3
CNNVD
added 2026/03/12 12:0 a.m. | 7 views

undici security vulnerability

Undici is an open-source HTTP/1.1 client developed by Node.js. There is a security vulnerability in Undici, which stems from ByteParser’s internal mathematical operation overflow when processing WebSocket frames that use 64-bit length formats and have extremely large lengths. This could lead to t...

7.5 CVSS | 7 AI score | 0.00488 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/03/12 12:0 a.m. | 6 views

PT-2026-25075

Name of the Vulnerable Software and Affected Versions undici versions prior to 7.24.0 undici versions prior to 6.24.0 Description A server can respond with a WebSocket frame utilizing the 64-bit length format and an excessively large length value. The ByteParser component within undici experience...

7.5 CVSS | 6.8 AI score | 0.00488 EPSS
Exploits0References210