VDB
KO
CRITICAL

GHSA-xv26-6w52-cph6

websocket-driver: Message corruption via abuse of protocol length headers

Details

### Impact

The frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values `0x80` or above, a client can make the server parse these bytes into an ever-growing integer. Since JavaScript numbers are 64-bit floating point values, this number will eventually lose precision and lead to the subsequent payload being parsed incorrectly.

### Patches

The issue has been patched in version 0.7.5 by rejecting the message if the length header exceeds the configured maximum message length. All users should upgrade to this version.

### Workarounds

No known workarounds exist.

### Acknowledgements

This issue was discovered and reported by Pranjali Thakur, DepthFirst Security Research Team.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / websocket-driver
Introduced in: 0 Fixed in: 0.7.5
Fix npm install websocket-driver@0.7.5

References