PT-2020-16801 · Unknown+1 · Http Server+1

Jason Shepherd · Published 2020-12-02 · Updated 2023-07-06 · CVE-2020-27813

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

HTTP Server (affected versions not specified)

Description

The issue is related to an integer overflow vulnerability in the length of websocket frames received via a websocket connection. This flaw can be exploited by an attacker to cause a denial of service attack on an HTTP Server that allows websocket connections. An attacker can craft malicious WebSocket frames that cause an integer overflow in a variable which tracks the number of bytes remaining, potentially causing the server or client to get stuck in a loop attempting to read frames.

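
The length check a frame reader needs, shown as an added example (not code from the affected software or from this advisory): it decodes the payload length field of a WebSocket frame header as laid out in RFC 6455 and contrasts a direct cast into a signed byte counter with a validated conversion. The names `payloadLen`, `limit` and `checked`, and the sample header bytes, are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

var errShort = errors.New("short frame header")
var errBadLength = errors.New("invalid or oversized payload length")

// payloadLen decodes the declared payload length of one frame header
// (RFC 6455 section 5.2). limit is the receiver's own cap (assumed policy).
// checked=false casts the wire value straight into a signed byte counter.
func payloadLen(hdr []byte, limit int64, checked bool) (int64, error) {
	if len(hdr) < 2 {
		return 0, errShort
	}
	n, need := uint64(hdr[1]&0x7f), 2 // low 7 bits; the top bit is MASK
	switch n {
	case 126:
		need = 4 // 16-bit extended length follows
	case 127:
		need = 10 // 64-bit extended length follows
	}
	if len(hdr) < need {
		return 0, errShort
	}
	if need == 4 {
		n = uint64(binary.BigEndian.Uint16(hdr[2:4]))
	} else if need == 10 {
		n = binary.BigEndian.Uint64(hdr[2:10])
	}
	if !checked {
		return int64(n), nil // goes negative when bit 63 is set
	}
	// RFC 6455: the most significant bit of the 64-bit length must be 0.
	if n > math.MaxInt64 || int64(n) > limit {
		return 0, errBadLength
	}
	return int64(n), nil
}

func main() {
	hdr := []byte{0x82, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff} // constructed sample
	fmt.Println(payloadLen(hdr, 1<<20, false))
	fmt.Println(payloadLen(hdr, 1<<20, true))
}
```

A reader that rejects the frame at this point never stores a negative or oversized value in its bytes-remaining counter.
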
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Overflow

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2020-27813
DLA-2520-1
DLA-3420-1
GHSA-3XH2-74W9-5VXM
GHSA-JF24-P9P9-4RJH
GO-2020-0019
RHSA-2021:0833
USN-6208-1

Affected Products

Http Server
Ubuntu