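Vulnerability Title
N/A
Vulnerability Description
A vulnerability was found in the ws module before 1.0.0 that allowed clients to allocate memory by sending a ping frame. By default, the ping functionality responds with a pong frame carrying the payload previously given in the ping frame. This is exactly what you would expect, but internally ws always transforms all data that it needs to send into a Buffer instance, and that is where the vulnerability existed. ws did not check the type of the data it was sending. In Node, when a Buffer is allocated with a number instead of a string, it allocates that number of bytes.
CVSS Information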
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. By default, the ping functionality responds with a pong frame carrying the previously given payload of the ping frame. This is exactly what you would expect, but internally ws always transforms all data that it needs to send into a Buffer instance, and that is where the vulnerability existed. ws didn't do any checks on the type of data it was sending. In Node, when a Buffer is allocated with a number instead of a string, it allocates that number of bytes.
CVSS Information
N/A
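Vulnerability Category
Information Exposure Through Sent Data
Vulnerability Title
ws module security vulnerability
Vulnerability Description
The ws module is a WebSocket server implementation for Node.js. The ping functionality in versions of the ws module before 1.0.0 contains a security vulnerability. An attacker can exploit it to make ws send the contents of already allocated and used buffers to the server, disclosing sensitive information.
CVSS Information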
N/A
Vulnerability Category
Buffer Errors
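
The unchecked payload-to-Buffer conversion described above, next to a type-checked version, as an added example that is not code from the ws project. The helper names `legacyToBuffer` and `safeToBuffer` are hypothetical, `Buffer.allocUnsafe` stands in for what `new Buffer(number)` did in Node releases before 8.0.0, and the 125-byte limit is the control-frame payload limit from RFC 6455.

```javascript
'use strict';

const MAX_CONTROL_PAYLOAD = 125; // RFC 6455: control frame payloads are at most 125 bytes

// Models the unchecked conversion described above (hypothetical helper, not ws source).
// Before Node 8.0.0, `new Buffer(n)` with a number returned n bytes of
// uninitialized memory; Buffer.allocUnsafe(n) reproduces that behaviour here.
function legacyToBuffer(data) {
  if (Buffer.isBuffer(data)) return data;
  if (typeof data === 'number') return Buffer.allocUnsafe(data); // treated as a size, not as content
  return Buffer.from(String(data), 'utf8');
}

// Hardened conversion (hypothetical helper): the type decides the encoding,
// a number is serialized as text, and any other type is rejected.
function safeToBuffer(data) {
  let buf;
  if (data === undefined || data === null) buf = Buffer.alloc(0);
  else if (Buffer.isBuffer(data)) buf = data;
  else if (typeof data === 'string') buf = Buffer.from(data, 'utf8');
  else if (typeof data === 'number') buf = Buffer.from(String(data), 'utf8');
  else throw new TypeError('unsupported ping/pong payload type: ' + typeof data);
  if (buf.length > MAX_CONTROL_PAYLOAD) {
    throw new RangeError('control frame payload exceeds 125 bytes');
  }
  return buf;
}

// Constructed sample payloads, as they might reach the frame encoder.
function demo() {
  return [64, '64', Buffer.from('hi')].map((p) => ({
    type: typeof p,
    legacyLength: legacyToBuffer(p).length, // 64 bytes of stale memory for the number
    safeLength: safeToBuffer(p).length,     // 2 bytes: the text "64" or "hi"
  }));
}

console.log(demo());
```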