CVE-2016-10542

Опубликовано: 31 мая 2018

Источник: ubuntu

Приоритет: medium

EPSS Средний

CVSS2: 5

CVSS3: 7.5

Описание

ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a ws server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	ignored	end of standard support, was needed
cosmic	ignored	end of life
devel	not-affected	1.1.0+ds1.e6ddaae4-5
disco	ignored	end of life
eoan	not-affected	1.1.0+ds1.e6ddaae4-5
esm-apps/bionic	needed
esm-apps/focal	not-affected	1.1.0+ds1.e6ddaae4-5
esm-apps/jammy	not-affected	1.1.0+ds1.e6ddaae4-5
esm-apps/noble	not-affected	1.1.0+ds1.e6ddaae4-5

Показывать по

Ссылки на источники

EPSS

Процентиль: 98%

0.66075

Средний

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2016-10542

CVSS3: 7.5

nvd

больше 7 лет назад

ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.

CVE-2016-10542

CVSS3: 7.5

debian

больше 7 лет назад

ws is a "simple to use, blazing fast and thoroughly tested websocket c ...

GHSA-6663-c963-2gqg

github

почти 7 лет назад

DoS due to excessively large websocket message in ws

EPSS

Процентиль: 98%

0.66075

Средний

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2016-10542

Описание

Пакет node-ws

Ссылки на источники

Связанные уязвимости