Vulnerability Report: GO-2020-0019
- CVE-2020-27813, GHSA-3xh2-74w9-5vxm
- Affects: github.com/gorilla/websocket
- Published: Apr 14, 2021
- Modified: Jun 12, 2023
An attacker can craft malicious WebSocket frames that cause an integer overflow in a variable which tracks the number of bytes remaining. This may cause the server or client to get stuck attempting to read frames in a loop, which can be used as a denial of service vector.
- Max Justicz
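
The overflow class described above, shown as an added example that is not code from github.com/gorilla/websocket: a frame's 64-bit extended payload length is cast into a signed bytes-remaining counter, next to a version that validates it first. The function names, the `limit` parameter and the sample length fields are assumptions made for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	errFrameLength = errors.New("frame length has most significant bit set")
	errReadLimit   = errors.New("frame length exceeds read limit")
)

// remainingUnchecked (hypothetical) casts the 8-byte extended payload length
// straight into a signed "bytes remaining" counter, then checks the limit.
func remainingUnchecked(ext [8]byte, limit int64) (int64, error) {
	remaining := int64(binary.BigEndian.Uint64(ext[:]))
	if remaining > limit { // a negative value passes this check
		return 0, errReadLimit
	}
	return remaining, nil
}

// remainingChecked (hypothetical) validates the unsigned value before
// converting it. RFC 6455 section 5.2 requires the top bit to be 0.
func remainingChecked(ext [8]byte, limit int64) (int64, error) {
	n := binary.BigEndian.Uint64(ext[:])
	if n>>63 != 0 {
		return 0, errFrameLength
	}
	if int64(n) > limit {
		return 0, errReadLimit
	}
	return int64(n), nil
}

func main() {
	// Constructed length fields, not captured traffic.
	samples := [][8]byte{
		{0, 0, 0, 0, 0, 1, 0, 0},                         // 65536
		{0x80, 0, 0, 0, 0, 0, 0, 0},                      // high bit set
		{0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, // all ones
	}
	const limit = 1 << 20
	for _, s := range samples {
		u, uerr := remainingUnchecked(s, limit)
		c, cerr := remainingChecked(s, limit)
		fmt.Printf("%x unchecked=%d (%v) checked=%d (%v)\n", s, u, uerr, c, cerr)
	}
}
```

In the unchecked version a negative counter is accepted as if it were within the limit, which is the state a read loop cannot make progress from.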