A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node when you allocate it when a number instead of a string it will allocate the amount of bytes.
Published 2018-05-31 20:29:01
Updated 2019-10-09 23:16:42
Source HackerOne
View at NVD,   CVE.org
Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2016-10518

0.15%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 52 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-10518

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
MEDIUM AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
NIST
7.5
HIGH CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.9
3.6
NIST

CWE ids for CVE-2016-10518

References for CVE-2016-10518

Products affected by CVE-2016-10518

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!