Memory Consumption Vulnerability in WebSocket Driver by Faye
CVE-2026-54463

6.9MEDIUM

Key Information:

Vendor

Faye

Vendor
CVE Published:
17 July 2026

What is CVE-2026-54463?

The websocket-driver is vulnerable to a memory consumption issue stemming from the handling of the WebSocket protocol's draft versions. When using versions prior to 0.8.1, the driver allows for the encoding of arbitrary large integers, which can lead to unbounded memory usage. This happens when the server or client sends an indefinite number of bytes with the high bit set, causing the peer to parse these into an ever-growing Ruby integer. Consequently, this can result in the host process exhausting its available memory resources. The vulnerability has been addressed in version 0.8.1.

Affected Version(s)

websocket-driver-ruby < 0.8.1

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.