GHSA-58QX-3VCG-4XPX ws: Uninitialized memory disclosure

Impact The websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. Proof of concept js import deepStrictEqual from 'node:assert'; import WebSocket, WebSocketServer from 'ws'; const wss = new WebSocketServer port: 0,...

ws: Uninitialized memory disclosure

Impact The websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. Proof of concept js import deepStrictEqual from 'node:assert'; import WebSocket, WebSocketServer from 'ws'; const wss = new WebSocketServer port: 0,...

Linux Distros Unpatched Vulnerability : CVE-2026-45736

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosu...

CVE-2026-45736 ws: Uninitialized memory disclosure

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...

CVE-2026-45736 ws: Uninitialized memory disclosure

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...

CVE-2026-45736

Summary: CVE-2026-45736 affects the ws project (WebSocket client/server for Node.js). Prior to version 8.20.1, ws.close() could disclose uninitialized memory when a TypedArray is passed as the reason argument. The issue is fixed in ws 8.20.1. Affected component: ws websocket.close() implementatio...

CLSA-2024-1732701424 Fix CVE(s): CVE-2024-23672

SECURITY UPDATE: DoS via incomplete cleanup vulnerability - debian/patches/CVE-2024-23672.patch: refactor WebSocket close for suspend/resume to ensure connection closure completes - CVE-2024-23672...

CLSA-2024-1732637149 Fix CVE(s): CVE-2024-23672

SECURITY UPDATE: Denial of Service vulnerability - debian/patches/CVE-2024-23672.patch: refactor WebSocket close for suspend/resume to ensure WebSocket connection closure completes - CVE-2024-23672...

OESA-2024-2404 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

OESA-2024-2403 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

OESA-2024-2402 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...