Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
uws 安全漏洞
Vulnerability Description
uws是一个用于客户端和服务器的WebSocket和HTTP实现。 uws 0.10.0版本至0.10.8版本中存在安全漏洞,该漏洞源于在permessage-deflate被打开时,程序没有正确的处理较大的Websocket消息。攻击者可利用该漏洞造成拒绝服务(节点进程崩溃)。
CVSS Information
N/A
Vulnerability Type
N/A