16 matches found
CVE-2026-54490
CVE-2026-54490 involves the websocket-driver library. Prior to version 0.7.5, when used with the permessage-deflate extension, the message size check was based on the compressed frame length rather than the decompressed size, allowing a WebSocket server/client to accept messages larger than the c...
CVE-2026-54466
The CVE-2026-54466 entry concerns websocket-driver (WebSocket protocol handler). Prior to version 0.7.5, draft75.js parses a length header that can be abused by sending a sequence of bytes (0x80 or higher), causing an ever-growing integer to be produced. Because JavaScript numbers are 64‑bit floa...
CVE-2026-54465 websocket-driver: Memory exhaustion in HTTP header parser
websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server or to complement a WebSocket client, a peer can make a single connection consume an unbounded...
CVE-2026-54465
The CVE-2026-54465 issue affects the ruby websocket-driver library (WebSocket::Driver) used to implement a WebSocket server atop a TCP server or to complement a client. The root cause is a memory-exhaustion vulnerability in the HTTP header parser: a single connection can be induced to process an ...
CVE-2026-54463
The websocket-driver Ruby package is affected by a memory exhaustion issue in draft WebSocket protocol frames. Before 0.8.1, a length header can be exploited by sending an unbounded sequence of 0x80+ bytes, causing the peer to parse an ever-growing Ruby integer and potentially exhausting memory. ...
CVE-2026-54463 websocket-driver: Memory exhaustion via abuse of protocol length headers
websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an...
CVE-2026-54464 websocket-driver: Resource limit bypass via message compression
Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...
websocket-driver: Resource limit bypass via message compression
Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...
NPM: websocket-driver: Resource limit bypass via message compression
NPM: websocket-driver: Resource limit bypass via message compression vulnerability discovered by ? in WordPress Npm websocket-driver versions 0.7.5...
NPM: websocket-driver: Message corruption via abuse of protocol length headers
NPM: websocket-driver: Message corruption via abuse of protocol length headers vulnerability discovered by ? in WordPress Npm websocket-driver versions 0.7.5...
GHSA-8J3G-F24P-4MPW websocket-driver: Memory exhaustion in HTTP header parser
Impact If this library is used to implement a WebSocket server on top of a TCP server rather than an HTTP server or framework using the WebSocket::Driver.server method, or, if it is used to complement a WebSocket client, then a peer can make a single connection consume an unbounded amount of memo...
websocket-driver: Memory exhaustion in HTTP header parser
Impact If this library is used to implement a WebSocket server on top of a TCP server rather than an HTTP server or framework using the WebSocket::Driver.server method, or, if it is used to complement a WebSocket client, then a peer can make a single connection consume an unbounded amount of memo...
PT-2026-60380
Name of the Vulnerable Software and Affected Versions websocket-driver versions prior to 0.8.1 Description When used to implement a WebSocket server on top of a TCP server via the WebSocket::Driver.server method or to complement a WebSocket client, the software is susceptible to memory exhaustion...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of protocol length headers in draft versions of the WebSocket protocol. An attacker can cause excessive memory consumption by sending a continuous sequence of byt...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the permessage-deflate extension. An attacker can cause the application to process messages that exceed the intended resource limits by sending compressed messages that, when...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the HTTP header parser process. An attacker can cause excessive memory consumption by sending an HTTP request or response with an unbounded number of headers, leading to memory...