Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
undici is vulnerable to Malicious WebSocket 64-bit length overflows undici parser and crashes the client
Vulnerability Description
ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未捕获的异常
Vulnerability Title
undici 安全漏洞
Vulnerability Description
undici是Node.js开源的一个HTTP/1.1客户端。 undici存在安全漏洞,该漏洞源于ByteParser在处理使用64位长度格式且长度极大的WebSocket帧时内部数学运算溢出,可能导致进程因致命TypeError而终止。
CVSS Information
N/A
Vulnerability Type
N/A