blob: d57c8c4922597761d9e50fb45dd2a4f3b90f70b3 [file] [log] [blame]
module: github.com/gorilla/websocket
versions:
- fixed: v1.4.1
description: |
An attacker can craft malicious WebSocket frames that cause an integer
overflow in a variable which tracks the number of bytes remaining. This
may cause the server or client to get stuck attempting to read frames
in a loop, which can be used as a denial of service vector.
published: 2021-04-14T12:00:00Z
cve: CVE-2020-27813
credit: Max Justicz
symbols:
- Conn.advanceFrame
- messageReader.Read
links:
pr: https://github.com/gorilla/websocket/pull/537
commit: https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37