Memory Allocation Vulnerability in ws Module for WebSocket Functionality
CVE-2016-10518

7.5HIGH

Key Information:

Vendor

Hackerone

Status
Ws Node Module
Vendor
CVE Published:
31 May 2018

What is CVE-2016-10518?

A vulnerability exists in the ping functionality of the ws module prior to version 1.0.0, allowing clients to exploit memory allocation by sending specially crafted ping frames. When a ping frame is received, the ws module responds with a pong frame containing the original payload. However, the vulnerability arises from the lack of validation for the type of data being sent, leading to incorrect buffer allocation in Node.js. This behavior can potentially be exploited to consume excessive memory resources, impacting the performance and stability of the affected applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

ws node module <= 1.0.0

References

https://github.com/websockets/ws/releases/tag/1.0.1
x_refsource_MISC
https://nodesecurity.io/advisories/67
x_refsource_MISC
https://gist.github.com/c0nrad/e92005446c480707a74a
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.