PT-2010-3403 · Apple · Webkit

Drew Yao +1 · Published 2010-07-22 · Updated 2013-02-07 · CVE-2010-1766

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WebKit versions before r56380

Description

The issue is caused by an off-by-one error in the WebSocketHandshake::readServerHandshake function in WebCore, which can be exploited by remote WebSocket servers. This can lead to a denial of service due to memory corruption or possibly have other unspecified impacts. Exploitation occurs via an Upgrade header that is long and invalid.

Recommendations

For versions before r56380, update to a version after r56380 to resolve the issue. As a temporary workaround, consider restricting access to the WebSocketHandshake::readServerHandshake function until a patch is available. Avoid using invalid or long Upgrade headers in the affected API endpoint until the issue is resolved.

Fix


Weakness Enumeration

Related Identifiers

CVE-2010-1766

Affected Products

Webkit