CVE-2016-10544

Name of the Vulnerable Software and Affected Versions uws versions 0.10.0 through 0.10.8

Description The issue arises when a WebSocket server instance with permessage-deflate enabled receives a large WebSocket message. If a 256MB WebSocket message is sent, the compression may shrink it to less than 16MB, allowing it to pass the length check. However, upon inflation, the data can exceed V8's maximum string size, causing the Node process to crash. This can result in a denial of service condition.

Recommendations Update to version 0.10.9 or later. As a temporary workaround, consider disabling the permessage-deflate feature to minimize the risk of exploitation.