Lucene search
+L

5 matches found

Github Security Blog
Github Security Blog
added 3 days ago9 views

websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 3 days ago12 views

websocket-driver: Message corruption via abuse of protocol length headers

Impact The frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values 0x80 or above, a client can make the server pars...

9.2CVSS6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 3 days ago8 views

websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 3 days ago8 views

websocket-driver: Memory exhaustion via abuse of protocol length headers

Impact The frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values 0x80 or above, a server or client can make the...

6.9CVSS6.1AI score
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-60381

Name of the Vulnerable Software and Affected Versions websocket-driver versions prior to 0.7.5 Description The frame format in draft versions of the WebSocket protocol contains a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. A...

9.2CVSS5.2AI score
Exploits0References6
Rows per page
Query Builder