PT-2026-25075 · Undici+1 · Undici+1

Matteo Collina

Publicado

2026-03-12

Atualizado

2026-06-04

CVE-2026-1528

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions undici versions prior to 7.24.0 undici versions prior to 6.24.0

Description A server can respond with a WebSocket frame utilizing the 64-bit length format and an excessively large length value. The ByteParser component within undici experiences an integer overflow during internal mathematical operations, leading to an invalid state and ultimately causing a fatal TypeError that terminates the process.

Recommendations Upgrade to undici version 7.24.0 or later. Upgrade to undici version 6.24.0 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-248CWE-1284

Identificadores relacionados

ALSA-2026:7080

ALSA-2026:7123

ALSA-2026:7350

ALSA-2026:7670

ALSA-2026:7675

CLEANSTART-2026-CE10526

CLEANSTART-2026-DV49099

CLEANSTART-2026-GS57401

CLEANSTART-2026-NB51079

CLEANSTART-2026-OW14933

CLEANSTART-2026-SW34937

CVE-2026-1528

GHSA-F269-VFMQ-VJVJ

RHSA-2026:7080

RHSA-2026:7123

RHSA-2026:7302

RHSA-2026:7310

RHSA-2026:7350

RHSA-2026:7670

RHSA-2026:7675

RHSA-2026:7983

Produtos afetados

Rocky Linux

Undici

PT-2026-25075 · Undici+1 · Undici+1

CVE-2026-1528

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 210