
5313 matches found

Vulnrichment
added 2022/08/01 9:35 p.m. · 10 views

CVE-2022-35922 Memory allocation based on untrusted length in rust-websocket

Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...

CVSS 7.5 · AI score 7.5 · EPSS 0.01454
Exploits 0 · References 4
Cvelist
added 2022/08/01 9:35 p.m. · 52 views

CVE-2022-35922 Memory allocation based on untrusted length in rust-websocket

Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...

CVSS 7.5 · AI score 7.7 · EPSS 0.01454
Exploits 0 · References 4
CVE
added 2022/08/01 9:35 p.m. · 411 views

CVE-2022-35922

Rust-WebSocket (rust-websocket) prior to 0.26.5 is vulnerable: untrusted data during dataframe parsing can drive an allocation based on a declared size, causing an OOM abort in the sync (non-Tokio) path; the async path does not use Vec::with_capacity, so DoS is tied to delivered oversized data. ...

CVSS 7.5 · AI score 7.4 · EPSS 0.01454
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/08/01 9:35 p.m. · 25 views

CVE-2022-35922 Memory allocation based on untrusted length in rust-websocket

Rust-WebSocket is a WebSocket RFC6455 library written in Rust. In versions prior to 0.26.5 untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based...

CVSS 7.5 · AI score 7.6 · EPSS 0.01454
Exploits 0 · References 6
vulnersOsv
added 2022/08/01 12:0 p.m. · 3 views

adsbx_browser (=0.1.0), adsbx_screenshot (>=0.1.0 <=1.4.1) +98 more potentially affected by CVE-2022-35922 via websocket (>=0.10.5 <=0.24.0)

websocket CARGO version =0.10.5, =0.1.0, =0.1.0, =0.1.3, =0.1.0, =0.0.6, =1.0.0, =0.1.0, =0.0.0, =0.1.0, =0.1.2, =0.3.3, =0.6.25, =0.0.3, =0.1.0, =0.1.1 and more Source cves: CVE-2022-35922 Source advisory: OSV:RUSTSEC-2022-0035...

CVSS 7.5 · AI score 7.1 · EPSS 0.01454
Exploits 0
RustSec
added 2022/08/01 12:0 p.m. · 57 views

Unbounded memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

CVSS 7.5 · AI score 1.1 · EPSS 0.01454
Exploits 0 · Affected Software 1
OSV
added 2022/08/01 12:0 p.m. · 19 views

RUSTSEC-2022-0035 Unbounded memory allocation based on untrusted length

Impact Untrusted websocket connections can cause an out-of-memory OOM process abort in a client or a server. The root cause of the issue is during dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When...

CVSS 7.5 · AI score 7.4 · EPSS 0.01454
Exploits 0 · References 3
CNNVD
added 2022/08/01 12:0 a.m. · 5 views

Rust-WebSocket Resource Management Error Vulnerability

Rust-WebSocket is a Rust-based WebSocket library. A resource management error vulnerability exists in Rust-WebSocket versions prior to 0.26.5, which stems from the fact that an untrusted websocket connection may cause an out-of-memory OOM process to abort on the client or server. The root cause o...

CVSS 7.5 · AI score 7.2 · EPSS 0.01454
Exploits 0 · References 6
OpenVAS
added 2022/07/31 12:0 a.m. · 6 views

Fedora: Security Advisory for golang-github-gobwas-ws (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 · References 2
Fedora
added 2022/07/30 1:57 a.m. · 18 views

[SECURITY] Fedora 36 Update: golang-github-gobwas-ws-1.1.0-4.fc36

Tiny WebSocket library for Go...

AI score 2.1
Exploits 0
IBM Security Bulletins
added 2022/07/18 3:23 p.m. · 30 views

Security Bulletin: IBM UrbanCode Release is vulnerable to a bypass of security restrictions due to use of Apache Tomcat (CVE-2022-25762).

Summary Apache Tomcat is used by IBM UrbanCode Release. This fix includes Apache Tomcat 8.5.79. Vulnerability Details CVEID:CVE-2022-25762 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by improper error handling in WebSocket connection. By sendin...

CVSS 8.6 · AI score 8.2 · EPSS 0.07538
Exploits 0 · Affected Software 1
OpenVAS
added 2022/07/18 12:0 a.m. · 17 views

Fedora: Security Advisory for golang-github-gobwas-ws (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 9.3 · AI score 8.9 · EPSS 0.05994
Exploits 4 · References 2
Fedora
added 2022/07/17 1:15 a.m. · 19 views

[SECURITY] Fedora 35 Update: golang-github-gobwas-ws-1.1.0-3.fc35

Tiny WebSocket library for Go...

CVSS 9.3 · AI score 2.1 · EPSS 0.05994
Exploits 4
Github Security Blog
added 2022/07/15 9:7 p.m. · 45 views

Undertow vulnerable to memory exhaustion due to buffer leak

Buffer leak on incoming WebSocket PONG messages in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service...

CVSS 7.5 · AI score 7.3 · EPSS 0.01375
Exploits 1 · References 8 · Affected Software 1
OSV
added 2022/07/15 9:7 p.m. · 30 views

GHSA-FJ7C-VG2V-CCRM Undertow vulnerable to memory exhaustion due to buffer leak

Buffer leak on incoming WebSocket PONG messages in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service...

CVSS 7.5 · AI score 7.2 · EPSS 0.01375
Exploits 1 · References 8
Positive Technologies
added 2022/07/15 12:0 a.m. · 1 views

PT-2022-10597 · Undertow · Undertow

Name of the Vulnerable Software and Affected Versions: Undertow versions prior to 2.0.40 Undertow versions prior to 2.2.10 Description: A flaw was found in Undertow, where a buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion, allowing an attacker to cause a denial of...

CVSS 7.5 · AI score 6 · EPSS 0.01375
Exploits 1 · References 16
NVD
added 2022/07/11 9:15 p.m. · 17 views

CVE-2022-31080

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, a large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of the response is...

CVSS 6.5 · EPSS 0.00618
Exploits 0 · References 1
Prion
added 2022/07/11 9:15 p.m. · 23 views

Design/Logic Flaw

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, a large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of the response is...

CVSS 4 · AI score 6.2 · EPSS 0.00618
Exploits 0 · References 1 · Affected Software 1
OSV
added 2022/07/11 9:6 p.m. · 28 views

GHSA-6WVC-6PWW-QR4R DoS in KubeEdge's Websocket Client in package Viaduct

Impact A large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of the response is being read into memory which could allow an attacker to send a request that returns a response with a large body. The consequence of the exhaustion is that the proce...

CVSS 4.4 · AI score 5.5 · EPSS 0.00618
Exploits 0 · References 3
Github Security Blog
added 2022/07/11 9:6 p.m. · 69 views

DoS in KubeEdge's Websocket Client in package Viaduct

Impact A large response received by the viaduct WSClient can cause a DoS from memory exhaustion. The entire body of the response is being read into memory which could allow an attacker to send a request that returns a response with a large body. The consequence of the exhaustion is that the proce...

CVSS 6.5 · AI score 6.2 · EPSS 0.00618
Exploits 0 · References 3 · Affected Software 1