GitHub_MVULNRICHMENT:CVE-2024-37890CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and [email protected] (4abd8f6). In vulnerable versions of ws, the issue can be mitigated in the following ways: 1. Reduce the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. 2. Set server.maxHeadersCount to 0 so that no limit is applied.
CNA Affected
[
{
"vendor": "websockets",
"product": "ws",
"versions": [
{
"status": "affected",
"version": ">= 2.1.0, < 5.2.4"
},
{
"status": "affected",
"version": ">= 6.0.0, < 6.2.3"
},
{
"status": "affected",
"version": ">= 7.0.0, < 7.5.10"
},
{
"status": "affected",
"version": ">= 8.0.0, < 8.17.1"
}
]
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*"
],
"vendor": "websockets",
"product": "ws",
"versions": [
{
"status": "affected",
"version": "2.1.0"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*"
],
"vendor": "websockets",
"product": "ws",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "5.2.4",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*"
],
"vendor": "websockets",
"product": "ws",
"versions": [
{
"status": "affected",
"version": "6.0.0"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*"
],
"vendor": "websockets",
"product": "ws",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "6.2.3",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*"
],
"vendor": "websockets",
"product": "ws",
"versions": [
{
"status": "affected",
"version": "7.0.0"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*"
],
"vendor": "websockets",
"product": "ws",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "7.5.10",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*"
],
"vendor": "websockets",
"product": "ws",
"versions": [
{
"status": "affected",
"version": "8.0.0"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:websockets:ws:*:*:*:*:*:*:*:*"
],
"vendor": "websockets",
"product": "ws",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "8.17.1",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]References
github.com/websockets/ws/commit/22c28763234aa75a7e1b76f5c01c181260d7917f
github.com/websockets/ws/commit/4abd8f6de4b0b65ef80b3ff081989479ed93377e
github.com/websockets/ws/commit/e55e5106f10fcbaac37cfa89759e4cc0d073a52c
github.com/websockets/ws/commit/eeb76d313e2a00dd5247ca3597bba7877d064a63
github.com/websockets/ws/issues/2230
github.com/websockets/ws/pull/2231
github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q
nodejs.org/api/http.html#servermaxheaderscount
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
SSVC
Exploitation
poc
Automatable
yes
Technical Impact
partial