GHSA-3xh2-74w9-5vxm

Source

https://github.com/advisories/GHSA-3xh2-74w9-5vxm

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-3xh2-74w9-5vxm/GHSA-3xh2-74w9-5vxm.json

Aliases

CVE-2020-27813
GHSA-jf24-p9p9-4rjh
GO-2020-0019

Published

2021-05-18T21:08:02Z

Modified

2023-11-08T04:03:22.368470Z

Summary

Integer overflow in github.com/gorilla/websocket

Details

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.

References

https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh
https://nvd.nist.gov/vuln/detail/CVE-2020-27813
https://github.com/gorilla/websocket/pull/537
https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37
https://bugzilla.redhat.com/show_bug.cgi?id=1902111
https://github.com/gorilla/websocket
https://lists.debian.org/debian-lts-announce/2021/01/msg00008.html
https://pkg.go.dev/vuln/GO-2020-0019

Affected packages

Go / github.com/gorilla/websocket

Package

Name: github.com/gorilla/websocket

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.4.1