CVE-2010-1766 — Off-by-one Error in Webkit

CWE-189 CWE-193 — Off-by-one Error5 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.3%

top 15.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Digia QT Webkit

Timeline

PublishedJul 22

Latest updateMay 17

Description

Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDwebkit/webkitr56379

▶NVDdigia/qt4.6.2

🔴Vulnerability Details

GHSA

GHSA-6mww-pvfg-4qx6: Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake↗2022-05-17

▶

📋Vendor Advisories

Red Hat

WebKit: off-by-one memory corruption flaw WebSocketHandshake::readServerHandshake()↗2010-06-07

▶

💬Community

Bugzilla

CVE-2010-1772 CVE-2010-1773 webkitgtk various flaws [fedora-all]↗2010-06-21

▶

Bugzilla

CVE-2010-1766 WebKit: off-by-one memory corruption flaw WebSocketHandshake::readServerHandshake()↗2010-05-26

▶