CVE-2020-36406

** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:uwebsockets_project:uwebsockets:18.11.0:*:*:*:*:node.js:*:*
cpe:2.3:a:uwebsockets_project:uwebsockets:18.12.0:*:*:*:*:node.js:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:29

Type Values Removed Values Added
References () https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381 - Exploit, Issue Tracking, Patch, Third Party Advisory () https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381 - Exploit, Issue Tracking, Patch, Third Party Advisory
References () https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml - Third Party Advisory () https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml - Third Party Advisory
References () https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759 - Patch, Third Party Advisory () https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759 - Patch, Third Party Advisory

17 Jan 2022, 20:15

Type Values Removed Values Added
Summary uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). ** DISPUTED ** uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate.

06 Jul 2021, 21:06

Type Values Removed Values Added
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:uwebsockets_project:uwebsockets:18.12.0:*:*:*:*:node.js:*:*
cpe:2.3:a:uwebsockets_project:uwebsockets:18.11.0:*:*:*:*:node.js:*:*
References (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381 - (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25381 - Exploit, Issue Tracking, Patch, Third Party Advisory
References (MISC) https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759 - (MISC) https://github.com/uNetworking/uWebSockets/commit/03fca626a95130ab80f86adada54b29d27242759 - Patch, Third Party Advisory
References (MISC) https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml - (MISC) https://github.com/google/oss-fuzz-vulns/blob/main/vulns/uwebsockets/OSV-2020-1695.yaml - Third Party Advisory
CWE CWE-787
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 8.8

01 Jul 2021, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-01 03:15

Updated : 2024-11-21 05:29


NVD link : CVE-2020-36406

Mitre link : CVE-2020-36406

CVE.ORG link : CVE-2020-36406


JSON object : View

Products Affected

uwebsockets_project

  • uwebsockets

linux

  • linux_kernel
CWE
CWE-787

Out-of-bounds Write