5 matches found
websocket-driver: Resource limit bypass via message compression
Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...
websocket-driver: Message corruption via abuse of protocol length headers
Impact The frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values 0x80 or above, a client can make the server pars...
websocket-driver: Resource limit bypass via message compression
Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...
websocket-driver: Memory exhaustion via abuse of protocol length headers
Impact The frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values 0x80 or above, a server or client can make the...
PT-2026-60381
Name of the Vulnerable Software and Affected Versions websocket-driver versions prior to 0.7.5 Description The frame format in draft versions of the WebSocket protocol contains a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. A...