id: GO-2020-0019
modules:
- module: github.com/gorilla/websocket
  versions:
  - fixed: 1.4.1
  vulnerable_at: 1.4.0
  packages:
  - package: github.com/gorilla/websocket
    symbols:
    - Conn.advanceFrame
    - messageReader.Read
    derived_symbols:
    - Conn.Close
    - Conn.NextReader
    - Conn.NextWriter
    - Conn.ReadJSON
    - Conn.ReadMessage
    - Conn.WriteControl
    - Conn.WriteJSON
    - Conn.WriteMessage
    - Conn.WritePreparedMessage
    - Dialer.Dial
    - Dialer.DialContext
    - NewClient
    - NewPreparedMessage
    - ReadJSON
    - Subprotocols
    - Upgrade
    - Upgrader.Upgrade
    - WriteJSON
    - flateReadWrapper.Read
    - flateWriteWrapper.Close
    - flateWriteWrapper.Write
    - httpProxyDialer.Dial
    - messageWriter.Close
    - messageWriter.ReadFrom
    - messageWriter.Write
    - messageWriter.WriteString
    - netDialerFunc.Dial
    - proxy_direct.Dial
    - proxy_envOnce.Get
    - proxy_socks5.Dial
    - truncWriter.Write
summary: Integer overflow in github.com/gorilla/websocket
description: |-
  An attacker can craft malicious WebSocket frames that cause an integer overflow
  in a variable which tracks the number of bytes remaining. This may cause the
  server or client to get stuck attempting to read frames in a loop, which can be
  used as a denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-27813
ghsas:
- GHSA-3xh2-74w9-5vxm
credits:
- Max Justicz
references:
- fix: https://github.com/gorilla/websocket/pull/537
- fix: https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37