UNKNOWN npm

DoS due to excessively large websocket message in ws

GHSA-6663-c963-2gqg · CVE-2016-10542


Description

Affected versions of ws do not appropriately limit the size of incoming websocket payloads, which may result in a denial of service condition when the node process crashes after receiving a large payload.

Recommendation

Update to version 1.1.1 or later.
Alternatively, set the maxPayload option for the ws server to a value smaller than 256MB.
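
The kind of check a payload limit performs, as an added example (not code from ws or from this advisory): it reads only the frame header defined in RFC 6455 and rejects an oversized message before any payload is buffered. The function names and the 1 MiB limit are assumptions made for illustration.

```javascript
// Added example (not ws source). Reads only the frame header (RFC 6455,
// section 5.2) and rejects an oversized message before buffering its payload.
const CLOSE_TOO_BIG = 1009; // RFC 6455 status code: "message too big"

// Declared payload length of one frame, or null if the header is incomplete.
function declaredLength(buf) {
  if (buf.length < 2) return null;
  const len7 = buf[1] & 0x7f;            // low 7 bits; the high bit is MASK
  if (len7 < 126) return len7;
  if (len7 === 126) return buf.length < 4 ? null : buf.readUInt16BE(2);
  if (buf.length < 10) return null;
  const big = buf.readBigUInt64BE(2);    // 64-bit extended length
  // Anything beyond the safe-integer range is over every sane limit.
  return big > BigInt(Number.MAX_SAFE_INTEGER) ? Infinity : Number(big);
}

// Per-connection limiter (hypothetical helper): sums declared lengths across
// the fragments of one message, so splitting a payload does not bypass the cap.
function createLimiter(maxPayload) {
  let total = 0;
  return function onFrameHeader(buf) {
    const length = declaredLength(buf);
    if (length === null) return null;          // wait for more header bytes
    const fin = (buf[0] & 0x80) !== 0;
    const isControl = (buf[0] & 0x08) !== 0;   // opcodes 0x8-0xF
    // Control frames carry at most 125 bytes and are not part of the message.
    if (isControl) return { ok: true, total, closeCode: null };
    total += length;
    if (total > maxPayload) {
      return { ok: false, total, closeCode: CLOSE_TOO_BIG };
    }
    const result = { ok: true, total, closeCode: null };
    if (fin) total = 0;                        // message complete, reset the sum
    return result;
  };
}

// Constructed sample: unfragmented binary frame whose header declares 512 MiB.
const sample = Buffer.from([0x82, 0xff, 0, 0, 0, 0, 0x20, 0, 0, 0]);
console.log(createLimiter(1024 * 1024)(sample)); // assumed 1 MiB limit
```

With ws itself the limit is set by passing maxPayload, in bytes, in the server options.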
