21 matches found
EUVD-2020-1096
Malware in sbrugna...
Malicious code in uws-trashme-after-121-merge (npm)
The package uws-trashme-after-121-merge was found to contain malicious code...
MAL-2025-38018 Malicious code in uws-trashme-after-121-merge (npm)
The package uws-trashme-after-121-merge was found to contain malicious code...
OSV-2021-1727 UNKNOWN WRITE in void uWS::WebSocketProtocol<true, Impl>::UnrolledXor<4>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42672 Crash type: UNKNOWN WRITE Crash state: void uWS::WebSocketProtocol::UnrolledXor void uWS::WebSocketProtocol::UnrolledXor void uWS::WebSocketProtocol::UnrolledXor...
OSV-2021-1392 Container-overflow in std::__1::__function::__func<uWS::TemplatedApp<false>&& uWS::TemplatedApp<false>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39354 Crash type: Container-overflow READ 1 Crash state: std::1::function::func&& uWS::TemplatedApp uWS::TopicTree::publish ofats::anydetail::handlertraitsvoid, uWS::WebSocketfalse, true, test...
OSV-2021-1390 Container-overflow in std::__1::__function::__func<uWS::TemplatedApp<false>&& uWS::TemplatedApp<false>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39348 Crash type: Container-overflow READ 1 Crash state: std::1::function::func&& uWS::TemplatedApp uWS::WebSocketfalse, true, test uWS::WebSocketfalse, true, test...
OSV-2021-1386 Container-overflow in std::__1::__function::__func<uWS::TemplatedApp<true>&& uWS::TemplatedApp<true>::
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39355 Crash type: Container-overflow READ 1 Crash state: std::1::function::func&& uWS::TemplatedApp:: uWS::TopicTree::publish uWS::TemplatedApp::publish...
Stack overflow
uWebSockets 18.11.0 and 18.12.0 have a stack-based buffer overflow in uWS::TopicTree::trimTree called from uWS::TopicTree::unsubscribeAll. NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application that uses uWebSockets should no...
OSV-2021-453 UNKNOWN WRITE in std::__1::pair<unsigned int, void*> uWS::HttpParser::fenceAndConsumePostPadded<0
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31457 Crash type: UNKNOWN WRITE Crash state: std::1::pair uWS::HttpParser::fenceAndConsumePostPadded0 uWS::HttpParser::consumePostPadded std::1::function::funcLLVMFuzzerTestOneInput::$0, std::1::allocatorLL...
OSV-2020-2221 UNKNOWN READ in std::__1::pair<unsigned int, void*> uWS::HttpParser::fenceAndConsumePostPadded<0
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28216 Crash type: UNKNOWN READ Crash state: std::1::pair uWS::HttpParser::fenceAndConsumePostPadded0 uWS::HttpParser::consumePostPadded std::1::function::funcLLVMFuzzerTestOneInput::$0, std::1::allocatorLL...
OSV-2020-2217 Heap-buffer-overflow in std::__1::pair<int, void*> uWS::HttpParser::fenceAndConsumePostPadded<0>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28143 Crash type: Heap-buffer-overflow READ Crash state: std::1::pair uWS::HttpParser::fenceAndConsumePostPadded uWS::HttpParser::consumePostPadded uWS::HttpContext::init...
uwebsockets:TopicTree: Index-out-of-bounds in uWS::TopicTree::publish
Project: https://github.com/uNetworking/uWebSockets.git Detailed Report: https://oss-fuzz.com/testcase?key=5926030899150848 Project: uwebsockets Fuzzing Engine: libFuzzer Fuzz Target: TopicTree Job Type: libfuzzer_ubsan_uwebsockets Platform Id: linux Crash Type: Index-out-of-bounds Crash Address:...
Denial of Service in uws
Affected versions of uws do not properly handle large websocket messages when permessage-deflate is enabled, which may result in a denial of service condition. If uws receives a 256Mb websocket message when permessage-deflate is enabled, the server will compress the message prior to executing the...
GHSA-HF5H-HH56-3VRG Denial of Service in uws
Affected versions of uws do not properly handle large websocket messages when permessage-deflate is enabled, which may result in a denial of service condition. If uws receives a 256Mb websocket message when permessage-deflate is enabled, the server will compress the message prior to executing the...
OSV-2020-1641 Use-of-uninitialized-value in us_internal_dispatch_ready_poll
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25057 Crash type: Use-of-uninitialized-value Crash state: us_internal_dispatch_ready_poll us_loop_run uWS::TemplatedApp::run...
uwebsockets:MockedBroadcastingEchoServer: Heap-buffer-overflow in uWS::TopicTree::publish
Project: https://github.com/uNetworking/uWebSockets.git Detailed Report: https://oss-fuzz.com/testcase?key=5725321316007936 Project: uwebsockets Fuzzing Engine: libFuzzer Fuzz Target: MockedBroadcastingEchoServer Job Type: libfuzzer_asan_uwebsockets Platform Id: linux Crash Type: Heap-buffer-overfl...
CVE-2016-10544
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data wil...
Design/Logic Flaw
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data wil...
CVE-2016-10544
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data wil...
CVE-2016-10544
The CVE affects uws (WebSocket server library). A crafted 256 MB websocket message with permessage-deflate enabled can be compressed then uncompressed to exceed V8’s maximum string size during processing, causing the node process to crash. Affected versions are 0.10.0 through 0.10.8. The issue ar...