Vulnerability Description
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. By default, the ping functionality responds with a pong frame carrying the payload of the ping frame it received. This is the expected behaviour, but internally ws always transforms all data that it needs to send into a Buffer instance, and that is where the vulnerability existed: ws did not check the type of the data it was sending. In Node, when a Buffer is allocated with a number instead of a string, it allocates that number of bytes.
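The type confusion described above, as an added example that is not code from ws or from the advisory: `legacyToBuffer` models an unchecked conversion and `safeToBuffer` shows one way to validate the type first. All function and constant names are hypothetical, the sample inputs are constructed, and the 125-byte limit is the control-frame payload cap from RFC 6455.

```javascript
// Added illustration; names are hypothetical and not taken from the ws code base.
const MAX_CONTROL_PAYLOAD = 125; // RFC 6455: control frame payloads are at most 125 bytes

// Models the unchecked conversion the description refers to. On Node versions
// of that era `new Buffer(n)` returned n bytes of uninitialized memory;
// Buffer.alloc(n) is used here so the demo is deterministic and zero-filled.
function legacyToBuffer(data) {
  if (Buffer.isBuffer(data)) return data;
  if (typeof data === 'number') return Buffer.alloc(data); // treated as a size, not as content
  return Buffer.from(String(data), 'utf8');
}

// Hardened conversion: decide by type before the value reaches any Buffer API.
function safeToBuffer(data) {
  let buf;
  if (Buffer.isBuffer(data)) {
    buf = data;
  } else if (typeof data === 'string') {
    buf = Buffer.from(data, 'utf8');
  } else {
    throw new TypeError('payload must be a string or Buffer, got ' + typeof data);
  }
  if (buf.length > MAX_CONTROL_PAYLOAD) {
    throw new RangeError('control frame payload exceeds ' + MAX_CONTROL_PAYLOAD + ' bytes');
  }
  return buf;
}

// Runs both conversions over the same inputs and reports the resulting sizes.
function compare(inputs) {
  return inputs.map((input) => {
    let safe;
    try {
      safe = safeToBuffer(input).length;
    } catch (err) {
      safe = err.name; // record which check rejected the value
    }
    return { type: typeof input, legacy: legacyToBuffer(input).length, safe };
  });
}

// Constructed sample values: a string, a Buffer, a number, and the same digits as a string.
const SAMPLE_INPUTS = ['hello', Buffer.from([1, 2, 3]), 4096, '4096'];
console.log(compare(SAMPLE_INPUTS));
```

The number `4096` yields a 4096-byte buffer in the modelled legacy path, while the string `'4096'` yields only its four characters; the hardened path rejects the number outright.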
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ws Project | Ws | < 1.0.1 |
Related Weaknesses (CWE)
References
- https://gist.github.com/c0nrad/e92005446c480707a74a (Patch, Third Party Advisory)
- https://github.com/websockets/ws/releases/tag/1.0.1 (Release Notes, Third Party Advisory)
- https://nodesecurity.io/advisories/67 (Third Party Advisory)
FAQ
What is CVE-2016-10518?
CVE-2016-10518 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a po...
How severe is CVE-2016-10518?
CVE-2016-10518 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10518?
Check the references section above for vendor advisories and patch information. Affected products include: Ws Project Ws.