N/A

uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8.

N/A

未加控制的资源消耗(资源穷尽)

uws 安全漏洞

uws是一个用于客户端和服务器的WebSocket和HTTP实现。 uws 0.10.0版本至0.10.8版本中存在安全漏洞，该漏洞源于在permessage-deflate被打开时，程序没有正确的处理较大的Websocket消息。攻击者可利用该漏洞造成拒绝服务（节点进程崩溃）。

N/A

N/A