reports/GO-2020-0019.yaml - vulndb - Git at Google

 module: github.com/gorilla/websocket
 versions:
   - fixed: v1.4.1
 description: |
   An attacker can craft malicious WebSocket frames that cause an integer
   overflow in a variable which tracks the number of bytes remaining. This
   may cause the server or client to get stuck attempting to read frames
   in a loop, which can be used as a denial of service vector.
 cves:
   - CVE-2020-27813
 credit: Max Justicz
 symbols:
   - Conn.advanceFrame
   - messageReader.Read
 links:
   pr: https://github.com/gorilla/websocket/pull/537
   commit: https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37
	module: github.com/gorilla/websocket
	versions:
	- fixed: v1.4.1
	description: \|
	An attacker can craft malicious WebSocket frames that cause an integer
	overflow in a variable which tracks the number of bytes remaining. This
	may cause the server or client to get stuck attempting to read frames
	in a loop, which can be used as a denial of service vector.
	cves:
	- CVE-2020-27813
	credit: Max Justicz
	symbols:
	- Conn.advanceFrame
	- messageReader.Read
	links:
	pr: https://github.com/gorilla/websocket/pull/537
	commit: https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37