94 matches found
dotnet: ASP.NET Core WebSocket frame processing DoS
An infinite loop error was found in ASP.NET when processing WebSocket frames. The exploitation of this issue can cause high CPU resource consumption. The highest threat from this vulnerability is to system availability...
tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS
A flaw was found in Apache Tomcat, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. The highest threat from this vulnerability is to...
python-eventlet: improper handling of highly compressed data and memory allocation with excessive size allows DoS
A flaw was found in eventlet. An unauthenticated user who manages to send large websocket frames or highly compressed data frames can cause memory exhaustion. An attacker could use this flaw to cause a denial of service (DoS)...
MGASA-2021-0266 Updated python-eventlet packages fix security vulnerability
Updated python-eventlet packages fix a security vulnerability: Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data...
DEBIAN-CVE-2021-21419
Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...
CVE-2021-21419
Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to...
Eventlet Resource Management Error Vulnerability
Eventlet is a concurrent networking library for Python. A resource management error vulnerability exists in Eventlet versions prior to 0.31.0, which stems from the possibility that a websocket peer may exhaust memory on the Eventlet side by sending very large websocket frames...
PT-2021-3910 · Eventlet +3 · Eventlet +3
Name of the Vulnerable Software and Affected Versions: Eventlet versions prior to 0.31.0. Description: The issue is related to the handling of large websocket frames in the Eventlet library, which can lead to memory exhaustion. A malicious peer can exploit this by sending highly compressed data...
GO-2020-0019 Integer overflow in github.com/gorilla/websocket
An attacker can craft malicious WebSocket frames that cause an integer overflow in a variable which tracks the number of bytes remaining. This may cause the server or client to get stuck attempting to read frames in a loop, which can be used as a denial of service vector...
NewStart CGSL CORE 5.04 / MAIN 5.04 : libvncserver Vulnerability (NS-SA-2021-0005)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libvncserver packages installed that are affected by a vulnerability: - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploi...
NewStart CGSL MAIN 6.02 : libvncserver Vulnerability (NS-SA-2021-0050)
The remote NewStart CGSL host, running version MAIN 6.02, has libvncserver packages installed that are affected by a vulnerability: - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by...
EulerOS 2.0 SP5 : libvncserver (EulerOS-SA-2021-1208)
According to the versions of the libvncserver package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service...
EulerOS 2.0 SP8 : libvncserver (EulerOS-SA-2020-2518)
According to the version of the libvncserver package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker cou...
CVE-2020-27813
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections...
PT-2020-16801 · Unknown +1 · Http Server +1
Name of the Vulnerable Software and Affected Versions: HTTP Server, affected versions not specified. Description: The issue is related to an integer overflow vulnerability in the length of websocket frames received via a websocket connection. This flaw can be exploited by an attacker to cause a...
CVE-2020-27813
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker could use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections...
Oracle Linux 8 : libvncserver (ELSA-2020-3385)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-3385 advisory. 0.9.11-15.1 - Fix NVR Related: 1852356 0.9.11-15 - Fix CVE-2017-18922 Resolves: 1852356 Tenable has extracted the preceding description block directly from the...