CVE-2020-27813

Опубликовано: 25 авг. 2019

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker could use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.

Затронутые пакеты

Платформа	Пакет	Состояние
OpenShift Serverless	knative-serving	Not affected
OpenShift Service Mesh 1	servicemesh	Not affected
OpenShift Service Mesh 1	servicemesh-grafana	Will not fix
OpenShift Service Mesh 1	servicemesh-operator	Not affected
Red Hat 3scale API Management Platform 2	3scale-apicast-operator-container	Will not fix
Red Hat 3scale API Management Platform 2	3scale-operator-container	Will not fix
Red Hat Advanced Cluster Management for Kubernetes 2	websocket	Not affected
Red Hat OpenShift Container Platform 3.11	atomic-openshift	Will not fix
Red Hat OpenShift Container Platform 4	openshift4/ose-etcd-rhel9	Fix deferred
Red Hat OpenShift Container Platform 4	openshift4/ose-grafana	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190->CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1902111golang-github-gorilla-websocket: integer overflow leads to denial of service

EPSS

Процентиль: 39%

0.00177

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-27813

CVSS3: 7.5

ubuntu

около 5 лет назад

CVE-2020-27813

CVSS3: 7.5

nvd

около 5 лет назад

CVE-2020-27813

CVSS3: 7.5

debian

около 5 лет назад

An integer overflow vulnerability exists with the length of websocket ...

GHSA-3xh2-74w9-5vxm

CVSS3: 7.5

github

больше 4 лет назад

Integer overflow in github.com/gorilla/websocket

EPSS

Процентиль: 39%

0.00177

Низкий

7.5 High

CVSS3