2 matches found
CVE-2016-10544
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data wil...
CVE-2016-10544
The CVE affects uws (WebSocket server library). A crafted 256 MB websocket message with permessage-deflate enabled can be compressed then uncompressed to exceed V8’s maximum string size during processing, causing the node process to crash. Affected versions are 0.10.0 through 0.10.8. The issue ar...