CVE-2016-10542

NONE EPSS 93.8%
Published May 31, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published May 31, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.

Threat Intelligence

EPSS Exploit Probability
93.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-20 Improper Input Validation Validation
CWE-400 Uncontrolled Resource Consumption Resource Mgmt

Affected Products 1

VendorProductVersionRange
ws_projectws* ≤1.1.0

References 2

  • github.com https://github.com/nodejs/node/issues/7388
    Issue TrackingThird Party Advisory
  • nodesecurity.io https://nodesecurity.io/advisories/120
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.