We found results for “”
WS-2020-0171
Date: September 25, 2020
Affected versions of this crate did not properly check and cap the growth of the outgoing buffer. This allows a remote attacker to take down the process by growing the buffer of their (single) connection until the process runs out of memory it can allocate and is killed. The flaw was corrected in the parity-ws fork (>0.10.0) by disconnecting a client when the buffer runs full.
Language: RUST
Severity Score
Severity Score
Weakness Type (CWE)
Stack-based Buffer Overflow
CWE-121CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |