# Vulnerability report for one Go package, identified by CVE below.
# `package` is the import path of the affected package.
package = "github.com/gorilla/websocket"
# Impact, per the text below: crafted frames overflow the counter of bytes
# remaining in a frame, after which the reader can loop without making
# progress. That is an availability (denial-of-service) issue, and it applies
# to both server and client use of the package.
description = """
An attacker can craft malicious WebSocket frames that cause an integer
overflow in a variable which tracks the number of bytes remaining. This
can cause the server or client to get stuck attempting to read frames
in a loop.
"""
cve = "CVE-2020-27813"
credit = "Max Justicz"
# Functions/methods named as affected. Presumably consumed by call-graph
# tooling to decide whether a dependent program actually reaches the flaw;
# confirm against the database schema.
symbols = ["Conn.advanceFrame", "messageReader.Read"]
# Only a fixed version is given, with no lower bound. Presumably every release
# before v1.4.1 is in the affected range; confirm. Remediation is to upgrade
# to v1.4.1 or later.
[[versions]]
fixed = "v1.4.1"
# Upstream references for the fix (pull request and the commit that landed).
[links]
pr = "https://github.com/gorilla/websocket/pull/537"
commit = "https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37"