PT-2018-9415 · Aaugustin+1 · Uwebsockets+1

Aaugustin

Publicado

2018-06-26

Atualizado

2024-07-12

CVE-2018-1000518

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions aaugustin websockets versions 4.0 through 4.0

Description The issue is related to improper handling of highly compressed data, which can result in Denial of Service by memory exhaustion. This can be exploited by sending a specially crafted frame on an established connection. The vulnerability appears to have been fixed in version 5.

Recommendations For version 4, update to version 5 to resolve the issue. As a temporary workaround, consider configuring the websockets library with compression=None to prevent exploitation.

Exploit

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

CVE-2018-1000518

GHSA-6G87-FF9Q-V847

OPENSUSE-SU-2024:11280-1

OPENSUSE-SU-2024:14166-1

PYSEC-2018-79

SUSE-SU-2023:2783-1

SUSE-SU-2023:2783-2

SUSE-SU-2023_2783-1

SUSE-SU-2023_2783-2

Produtos afetados

Suse

Uwebsockets

PT-2018-9415 · Aaugustin+1 · Uwebsockets+1

CVE-2018-1000518

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 74