CVE-2016-10518
moderate-risk
Published 2018-05-31
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. By default, the ping functionality responds with a pong frame carrying the payload of the ping frame it received. This is the expected behavior, but internally ws always transforms all data it needs to send into a Buffer instance, and that is where the vulnerability existed: ws didn't do any checks on the type of data it was sending. In Node.js, when a Buffer is allocated from a number instead of a string, it allocates that number of bytes.
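The unchecked conversion described above, as an added example that is not ws source code: `legacyToBuffer` models a conversion with no type check, and `toPongPayload` checks the type before building the Buffer. Both function names, the 125-byte cap (the RFC 6455 control-frame payload limit) and the sample value are assumptions of this example.

```javascript
// Added example, not ws source. Function names are hypothetical.
const MAX_CONTROL_PAYLOAD = 125; // RFC 6455: control-frame payloads are at most 125 bytes

// Model of the behaviour the advisory describes: a number is read as a
// length, not as content. Buffer.alloc stands in for the legacy Buffer
// constructor so this model stays zero-filled and warning-free.
function legacyToBuffer(data) {
  if (Buffer.isBuffer(data)) return data;
  if (typeof data === 'number') return Buffer.alloc(data);
  return Buffer.from(String(data));
}

// Hardened conversion: the type is checked first, so a number can only
// become its decimal text, and the result is capped at the control-frame limit.
function toPongPayload(data) {
  let buf;
  if (data === undefined || data === null) {
    buf = Buffer.alloc(0);
  } else if (Buffer.isBuffer(data)) {
    buf = data;
  } else if (typeof data === 'string') {
    buf = Buffer.from(data, 'utf8');
  } else if (typeof data === 'number') {
    buf = Buffer.from(String(data), 'utf8');
  } else {
    throw new TypeError('unsupported ping payload type: ' + typeof data);
  }
  if (buf.length > MAX_CONTROL_PAYLOAD) {
    throw new RangeError('control frame payload exceeds ' + MAX_CONTROL_PAYLOAD + ' bytes');
  }
  return buf;
}

// Constructed sample value: a numeric payload reaching the conversion step.
const sample = 1000;
console.log('unchecked conversion, bytes allocated:', legacyToBuffer(sample).length);
console.log('checked conversion, payload text     :', toPongPayload(sample).toString());
```
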
Do I need to act?
EPSS score: 0.34% chance of exploitation (low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10, High, NETWORK / LOW complexity
References (6)
Release Notes
https://github.com/websockets/ws/releases/tag/1.0.1
Third Party Advisory
https://nodesecurity.io/advisories/67
32 / 100 · moderate-risk
Severity: 26/34 · High
Exploitability: 1/34 · Minimal
Exposure: 5/34 · Minimal