CVE-2020-27813

Published: Dec 2, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.

Vendor	Product	Versions
n/a	golang-github-gorilla-websocket	affected `github.com/gorilla/websocket v1.4.1`

Weaknesses (CWE)

CWE-190

References

https://bugzilla.redhat.com/show_bug.cgi?id=1902111

https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh

[debian-lts-announce] 20210106 [SECURITY] [DLA 2520-1] golang-websocket security update

mailing-list

[debian-lts-announce] 20230513 [SECURITY] [DLA 3420-1] golang-websocket security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-27813

Description

Affected Products

Weaknesses (CWE)

References