CVE-2022-39386

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-39386
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39386.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-39386
Published
2022-11-08T22:15:15Z
Modified
2024-06-06T14:06:13.276395Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions.

Affected packages

Git / github.com/fastify/fastify-websocket

Affected ranges

Type
GIT
Repo
https://github.com/fastify/fastify-websocket

Affected versions

v6.*

v6.0.0
v6.0.1

v7.*

v7.0.0
v7.0.1
v7.1.0