Description
uWebSockets 18.11.0 and 18.12.0 have a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate.
References
- Exploit, Issue Tracking, Patch, Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Issue Tracking, Patch, Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
Vulnerable configurations
Configuration 1
All of
One of
cpe:2.3:a:uwebsockets_project:uwebsockets:18.11.0:*:*:*:*:node.js:*:*
cpe:2.3:a:uwebsockets_project:uwebsockets:18.12.0:*:*:*:*:node.js:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
EPSS
Percentile: 70%
0.00646
Low
CVSS3: 8.8 High
CVSS2: 6.8 Medium
Weaknesses
CWE-787
Related vulnerabilities
CVSS3: 8.8
github
more than 3 years ago
uWebSockets 18.11.0 and 18.12.0 have a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll).