CVE-2016-10542: Input Validation
First published: Thu May 31 2018(Updated: )
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ws Project Ws | <=1.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2016-10542.
What is the severity of CVE-2016-10542?
The severity of CVE-2016-10542 is high with a score of 7.5.
Which software versions are affected by CVE-2016-10542?
The software version affected by CVE-2016-10542 is ws 1.1.0 and earlier.
How can CVE-2016-10542 be exploited?
CVE-2016-10542 can be exploited by sending an overly long WebSocket payload to a ws server, causing the node process to crash.
Are there any references for CVE-2016-10542?
Yes, you can find references for CVE-2016-10542 at the following links: 1. https://github.com/nodejs/node/issues/7388 2. https://nodesecurity.io/advisories/120
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/ws project
- canonical/ws project ws
- version/ws project ws/1.1.0