PYSEC-2018-79

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/websockets/PYSEC-2018-79.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2018-79
Aliases
Published
2018-06-26T16:29:00Z
Modified
2023-11-01T04:48:37.349335Z
Summary
[none]
Details

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in servers and clients, unless configured with compression=None, that can result in denial of service by memory exhaustion. This attack appears to be exploitable by sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5.

References

Affected packages

PyPI / websockets

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.0

Affected versions

0.*

0.1

1.*

1.0

2.*

2.0
2.1
2.2
2.3
2.4
2.5
2.6
2.7

3.*

3.0
3.1
3.2
3.3
3.4

4.*

4.0
4.0.1