11 matches found
CVE-2022-39386
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
Denial Of Service (DoS)
@fastify/websocket and fastify-websocket are vulnerable to denial of service. The vulnerability is due to the fastifyWebsocket function in index.js which crashes the application on an uncaught exception when processing a malformed packet...
CVE-2022-39386
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
Design/Logic Flaw
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
CVE-2022-39386 fastify-websocket vulnerable to uncaught exception via crash on malformed packet
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1....
CVE-2022-39386
The CVE concerns @fastify/websocket/fastify-websocket: all versions are reported to crash when processing a specific malformed WebSocket packet, causing a Denial of Service. The issue stems from a crash on malformed input, and the module is deprecated with no built-in patches. Patched versions ar...
@0x77/ccpack (>=0.0.0 <=0.1.5), @aio-server/core (>=0.0.1 <=0.0.1001) +87 more potentially affected by CVE-2022-39386 via fastify-websocket (>=0.3.0 <=4.3.0)
fastify-websocket NPM version =0.3.0, =0.0.0, =0.0.1, =0.0.1, =0.0.15, =0.0.13, =1.0.0, =0.2.42, =1.0.0, =2.0.3, =9.1.1, =9.1.4 and more Source cves: CVE-2022-39386 Source advisory: OSV:GHSA-4PCG-WR6C-H9CQ...
GHSA-4PCG-WR6C-H9CQ fastify/websocket vulnerable to uncaught exception via crash on malformed packet
Impact Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. Patches This has been patched in v7.1.1 fastify v4 and v5.0.1 fastify v3. Workarounds No...
PT-2022-24945 · Fastify · @Fastify/Websocket
Name of the Vulnerable Software and Affected Versions: fastify-websocket versions prior to 7.1.1 fastify v4 and prior to 5.0.1 fastify v3 @fastify/websocket all versions, deprecated Description: Any application using @fastify/websocket could crash if a specific, malformed packet is sent. The issu...