21 matches found
EUVD-2020-1096
Malware in sbrugna...
Malicious code in uws-trashme-after-121-merge (npm)
The package uws-trashme-after-121-merge was found to contain malicious code...
MAL-2025-38018 Malicious code in uws-trashme-after-121-merge (npm)
The package uws-trashme-after-121-merge was found to contain malicious code...
OSV-2021-1727 UNKNOWN WRITE in void uWS::WebSocketProtocol<true, Impl>::UnrolledXor<4>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=42672 Crash type: UNKNOWN WRITE Crash state: void uWS::WebSocketProtocol::UnrolledXor void uWS::WebSocketProtocol::UnrolledXor void uWS::WebSocketProtocol::UnrolledXor...
OSV-2021-1392 Container-overflow in std::__1::__function::__func<uWS::TemplatedApp<false>&& uWS::TemplatedApp<false>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39354 Crash type: Container-overflow READ 1 Crash state: std::1::function::func&& uWS::TemplatedApp uWS::TopicTree::publish ofats::anydetail::handlertraitsvoid, uWS::WebSocketfalse, true, test...
OSV-2021-1390 Container-overflow in std::__1::__function::__func<uWS::TemplatedApp<false>&& uWS::TemplatedApp<false>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39348 Crash type: Container-overflow READ 1 Crash state: std::1::function::func&& uWS::TemplatedApp uWS::WebSocketfalse, true, test uWS::WebSocketfalse, true, test...
OSV-2021-1386 Container-overflow in std::__1::__function::__func<uWS::TemplatedApp<true>&& uWS::TemplatedApp<true>::
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39355 Crash type: Container-overflow READ 1 Crash state: std::1::function::func&& uWS::TemplatedApp:: uWS::TopicTree::publish uWS::TemplatedApp::publish...
Stack overflow
uWebSockets 18.11.0 and 18.12.0 have a stack-based buffer overflow in uWS::TopicTree::trimTree called from uWS::TopicTree::unsubscribeAll. NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application that uses uWebSockets should no...
OSV-2021-453 UNKNOWN WRITE in std::__1::pair<unsigned int, void*> uWS::HttpParser::fenceAndConsumePostPadded<0
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31457 Crash type: UNKNOWN WRITE Crash state: std::1::pair uWS::HttpParser::fenceAndConsumePostPadded0 uWS::HttpParser::consumePostPadded std::1::function::funcLLVMFuzzerTestOneInput::$0, std::1::allocatorLL...
OSV-2020-2221 UNKNOWN READ in std::__1::pair<unsigned int, void*> uWS::HttpParser::fenceAndConsumePostPadded<0
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28216 Crash type: UNKNOWN READ Crash state: std::1::pair uWS::HttpParser::fenceAndConsumePostPadded0 uWS::HttpParser::consumePostPadded std::1::function::funcLLVMFuzzerTestOneInput::$0, std::1::allocatorLL...
OSV-2020-2217 Heap-buffer-overflow in std::__1::pair<int, void*> uWS::HttpParser::fenceAndConsumePostPadded<0>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28143 Crash type: Heap-buffer-overflow READ Crash state: std::1::pair uWS::HttpParser::fenceAndConsumePostPadded uWS::HttpParser::consumePostPadded uWS::HttpContext::init...
uwebsockets:TopicTree: Index-out-of-bounds in uWS::TopicTree::publish
Project: https://github.com/uNetworking/uWebSockets.git Detailed Report: https://oss-fuzz.com/testcase?key=5926030899150848 Project: uwebsockets Fuzzing Engine: libFuzzer Fuzz Target: TopicTree Job Type: libfuzzer_ubsan_uwebsockets Platform Id: linux Crash Type: Index-out-of-bounds Crash Address:...
GHSA-HF5H-HH56-3VRG Denial of Service in uws
Affected versions of uws do not properly handle large websocket messages when permessage-deflate is enabled, which may result in a denial of service condition. If uws receives a 256Mb websocket message when permessage-deflate is enabled, the server will compress the message prior to executing the...
Denial of Service in uws
Affected versions of uws do not properly handle large websocket messages when permessage-deflate is enabled, which may result in a denial of service condition. If uws receives a 256Mb websocket message when permessage-deflate is enabled, the server will compress the message prior to executing the...
OSV-2020-1641 Use-of-uninitialized-value in us_internal_dispatch_ready_poll
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25057 Crash type: Use-of-uninitialized-value Crash state: us_internal_dispatch_ready_poll us_loop_run uWS::TemplatedApp::run...
uwebsockets:MockedBroadcastingEchoServer: Heap-buffer-overflow in uWS::TopicTree::publish
Project: https://github.com/uNetworking/uWebSockets.git Detailed Report: https://oss-fuzz.com/testcase?key=5725321316007936 Project: uwebsockets Fuzzing Engine: libFuzzer Fuzz Target: MockedBroadcastingEchoServer Job Type: libfuzzer_asan_uwebsockets Platform Id: linux Crash Type: Heap-buffer-overfl...
CVE-2016-10544
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data wil...
Design/Logic Flaw
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data wil...
CVE-2016-10544
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data wil...
CVE-2016-10544
The CVE affects uws (WebSocket server library). A crafted 256 MB websocket message with permessage-deflate enabled can be compressed then uncompressed to exceed V8’s maximum string size during processing, causing the node process to crash. Affected versions are 0.10.0 through 0.10.8. The issue ar...