PT-2022-24945 · Fastify · @Fastify/Websocket

Marcolanaro · Published 2022-11-07 · Updated 2022-11-09 · CVE-2022-39386

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: fastify-websocket versions prior to 7.1.1 (fastify v4) and prior to 5.0.1 (fastify v3); @fastify/websocket (all versions, deprecated)

Description: Any application using @fastify/websocket could crash if a specific, malformed packet is sent. The issue has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds, but it should be possible to attach the error handler manually.

Recommendations: For fastify-websocket versions prior to 7.1.1 (fastify v4), upgrade to version 7.1.1 or later. For fastify-websocket versions prior to 5.0.1 (fastify v3), upgrade to version 5.0.1 or later. As a temporary workaround, consider attaching the error handler manually until a patch is available.

Related Identifiers

CVE-2022-39386
GHSA-4PCG-WR6C-H9CQ

Affected Products

@Fastify/Websocket