CVE-2016-10518Sensitive Info Insertion into Sent Data in Node-ws

CWE-201Sensitive Info Insertion into Sent DataCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 42.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
WS Project WSDebian Node-wsHackerone WS Node Module
Timeline
PublishedMay 31
Latest updateFeb 18

Description

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5hackerone/ws_node_module1.0.0
debiandebian/node-ws< node-ws 1.0.1+ds1.e6ddaae4-1 (bookworm)
NVDws_project/ws< 1.0.1
npmws_project/ws< 1.0.1

Patches

Patch: gist.github.comPatch: gist.github.com

🔴Vulnerability Details

3
GHSA
Remote Memory Disclosure in ws2019-02-18
OSV
Remote Memory Disclosure in ws2019-02-18
OSV
CVE-2016-10518: A vulnerability was found in the ping functionality of the ws module before 12018-05-31

📋Vendor Advisories

1
Debian
CVE-2016-10518: node-ws - A vulnerability was found in the ping functionality of the ws module before 1.0....2016