blob: bf92f87db2365a365b6c2d7903fc28a9ac3c26d0 [file] [log] [blame]
module = "github.com/gorilla/websocket"
description = """
An attacker can craft malicious WebSocket frames that cause an integer
overflow in a variable which tracks the number of bytes remaining. This
can cause the server or client to get stuck attempting to read frames
in a loop.
"""
cve = "CVE-2020-27813"
credit = "Max Justicz"
symbols = ["Conn.advanceFrame", "messageReader.Read"]
[[versions]]
fixed = "v1.4.1"
[links]
pr = "https://github.com/gorilla/websocket/pull/537"
commit = "https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37"