Out-of-bounds read In nodejs
Description
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
Impact
A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.
Patches
Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.
Workarounds
There are no workarounds.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 rpm rhel8 | 1:22.22.2-1.module+el8.10.0+24148+847b6786 | ||
rpm rhel9 | 1:22.22.2-1.module+el9.7.0+24157+8ddb2461 | ||
rpm rhel10 | 1:22.22.2-1.el10_1 | ||
rpm rhel10 | 1:24.14.1-2.el10_1 | ||
 debian 13 | - | ||
debian 14 | 7.24.5+dfsg+~cs3.2.0-1 | ||
 npm | 6.24.0, 7.24.0 | ||
rpm rhel10.0 | 1:22.22.2-2.el10_0 | ||
rpm rhel9.6 | 1:22.22.2-1.module+el9.6.0+24196+39669d4e |
Aliases
1. 2. 3. 4. 5. 6. 7.
References
1. 2. 3.