Description
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 through 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.
A vulnerability was identified in the WebSocket component of Mongoose package versions 7.5 through 7.17. An attacker can exploit this flaw by sending a specially crafted request to a targeted application. Successful exploitation results in the application crashing, creating a denial of service. In certain cases where the component is integrated improperly by downstream products, this flaw could lead to a buffer overflow. This more severe condition could potentially allow an attacker to execute arbitrary code on the system.
Report
This vulnerability doesn't affect any supported Red Hat product.
Additional information
Status:
EPSS
CVSS3: 7.5 High