VDB
KO
MEDIUM

GHSA-ghhp-3qvg-889p

websocket-driver: Memory exhaustion via abuse of protocol length headers

Details

### Impact

The frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite sequence of bytes with values `0x80` or above, a server or client can make the other peer parse these bytes into an ever-growing integer. Since Ruby integers are arbitrary precision, this can be used to make a WebSocket connection consume an unbounded amount of memory and lead to the host process running out of memory.

### Patches

The issue has been patched in version 0.8.1. All users should upgrade to this version.

### Workarounds

No known workarounds exist.

### Acknowledgements

This issue was discovered and reported by Pranjali Thakur, DepthFirst Security Research Team.

Are you affected?

Enter the version of the package you're using.

Affected packages

RubyGems / websocket-driver
Introduced in: 0 Fixed in: 0.8.1
Fix bundle update websocket-driver

References