CVE-2020-36406

uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:uwebsockets_project:uwebsockets:18.11.0:*:*:*:*:node.js:*:*
cpe:2.3:a:uwebsockets_project:uwebsockets:18.12.0:*:*:*:*:node.js:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

07 Nov 2023, 03:22

Type Values Removed Values Added
Summary ** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate. uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate

17 Jan 2022, 20:15

Type Values Removed Values Added
Summary uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). ** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate.

06 Jul 2021, 21:06

Type Values Removed Values Added
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 8.8
References (MISC) https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml - (MISC) https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml - Third Party Advisory
References (MISC) https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759 - (MISC) https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759 - Patch, Third Party Advisory
References (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381 - (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381 - Exploit, Issue Tracking, Patch, Third Party Advisory
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:uwebsockets_project:uwebsockets:18.12.0:*:*:*:*:node.js:*:*
cpe:2.3:a:uwebsockets_project:uwebsockets:18.11.0:*:*:*:*:node.js:*:*

01 Jul 2021, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-01 03:15

Updated : 2024-03-21 02:36


NVD link : CVE-2020-36406

Mitre link : CVE-2020-36406

CVE.ORG link : CVE-2020-36406


JSON object : View

Products Affected

linux

  • linux_kernel

uwebsockets_project

  • uwebsockets
CWE
CWE-787

Out-of-bounds Write