CVE-2026-62389 in websocketsinformación

Resumen

por MITRE • 2026-07-15

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0 followed by continuation frames without completing the sequence, causing each fragment to be stored as a separate Buffer object with significant overhead, enabling denial of service through heap exhaustion.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsable

VulnCheck

Reservar

2026-07-14

Divulgación

2026-07-15

Moderación

aceptado

Artículo

VDB-379347

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Do you want to use VulDB in your project?

Use the official API to access entries easily!