Memory Consumption Vulnerability in WebSocket Driver by Faye
CVE-2026-54463
6.9MEDIUM
What is CVE-2026-54463?
The websocket-driver is vulnerable to a memory consumption issue stemming from the handling of the WebSocket protocol's draft versions. When using versions prior to 0.8.1, the driver allows for the encoding of arbitrary large integers, which can lead to unbounded memory usage. This happens when the server or client sends an indefinite number of bytes with the high bit set, causing the peer to parse these into an ever-growing Ruby integer. Consequently, this can result in the host process exhausting its available memory resources. The vulnerability has been addressed in version 0.8.1.
Affected Version(s)
websocket-driver-ruby < 0.8.1
