CVE-2018-1000518

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions aaugustin websockets versions 4.0 through 4.0

Description The issue is related to improper handling of highly compressed data, which can result in Denial of Service by memory exhaustion. This can be exploited by sending a specially crafted frame on an established connection. The vulnerability appears to have been fixed in version 5.

Recommendations For version 4, update to version 5 to resolve the issue. As a temporary workaround, consider configuring the websockets library with compression=None to prevent exploitation.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2018-1000518

GHSA-6G87-FF9Q-V847

OPENSUSE-SU-2024:11280-1

OPENSUSE-SU-2024:14166-1

PYSEC-2018-79

SUSE-SU-2023:2783-1

SUSE-SU-2023:2783-2

SUSE-SU-2023_2783-1

SUSE-SU-2023_2783-2

Affected Products

Suse

Uwebsockets

CVE-2018-1000518

Weakness Enumeration

Related Identifiers

Affected Products

References · 74