Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4aDItNzR3OS01dnht

High EPSS: 0.00177% (0.39641 Percentile) EPSS:
Permalink JSON

Integer overflow in github.com/gorilla/websocket

Affected Packages Affected Versions Fixed Versions
go:github.com/gorilla/websocket
PURL: pkg:go/github.com%2Fgorilla%2Fwebsocket
< 1.4.1 1.4.1
37,531 Dependent packages
107,879 Dependent repositories

Affected Version Ranges

All affected versions

v1.0.0, v1.1.0, v1.2.0, v1.3.0, v1.4.0

All unaffected versions

v1.4.1, v1.4.2, v1.5.0, v1.5.1, v1.5.2, v1.5.3

An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.

References:

Identifiers

GHSA-3xh2-74w9-5vxm

CVE-2020-27813

Risk

Severity

High

EPSS

EPSS Percentage: 0.00177

EPSS Percentile: 0.39641

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/gorilla/websocket

Date and time

Published

over 4 years ago

Updated

almost 2 years ago

API

JSON