npm

Severity: high

Denial of Service

uws

Overview

Affected versions of uws do not properly handle large websocket messages when permessage-deflate is enabled, which may result in a denial of service condition.

If uws recieves a 256Mb websocket message when permessage-deflate is enabled, the server will compress the message prior to executing the length check, and subsequently extract the message prior to processing. This can result in a situation where an excessively large websocket message passes the length checks, yet still gets cast from a Buffer to a string, which will exceed v8's maximum string size and crash the process.

Remediation

Update to version 0.10.9 or later.

Alternatively, disable permessage-deflate.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Oct 17th, 2016
  2. reported

    Initial report by Luigi Pinca
    Oct 11th, 2016