| module = "github.com/gorilla/websocket" |
| |
| description = """ |
| An attacker can craft malicious WebSocket frames that cause an integer |
| overflow in a variable which tracks the number of bytes remaining. This |
| can cause the server or client to get stuck attempting to read frames |
| in a loop. |
| """ |
| |
| cve = "CVE-2020-27813" |
| |
| credit = "Max Justicz" |
| |
| symbols = ["Conn.advanceFrame", "messageReader.Read"] |
| |
| [[versions]] |
| fixed = "v1.4.1" |
| |
| [links] |
| pr = "https://github.com/gorilla/websocket/pull/537" |
| commit = "https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37" |