Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2022-39386

Good to know:

icon
icon

Date: November 7, 2022

@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions.

Language: JS

Severity Score

Related Resources (9)

https://github.com/fastify/fastify-websocket/pull/228
https://github.com/fastify/fastify-websocket/releases/tag/v7.1.1
https://github.com/fastify/fastify-websocket
https://github.com/fastify/fastify-websocket/security/advisories/GHSA-4pcg-wr6c-h9cq
https://github.com/fastify/fastify-websocket/commit/c24adeb3efd57a18b2f287c35d029e88b5a47194
https://github.com/fastify/fastify-websocket/commit/7e8c41a51c101c3d5ce88caee4f71d9c29eb2863
https://nvd.nist.gov/vuln/detail/CVE-2022-39386
https://github.com/fastify/fastify-websocket/releases/tag/v5.0.1
https://www.mend.io/vulnerability-database/CVE-2022-39386

Severity Score

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Uncaught Exception

CWE-248

Top Fix

icon

Upgrade Version

Upgrade to version @fastify/websocket - 7.1.1;@fastify/websocket - 5.0.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us