RUSTSEC-2020-0043: Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory


> Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

| Details             |                                                |
| ------------------- | ---------------------------------------------- |
| Package             | `ws`                      |
| Version             | `0.9.1`                   |
| URL                 | [https://github.com/housleyjk/ws-rs/issues/291](https://github.com/housleyjk/ws-rs/issues/291) |
| Date                | 2020-09-25                         |

Affected versions of this crate did not properly check and cap the growth of the outgoing buffer.

This allows a remote attacker to take down the process by growing the buffer of their (single) connection until the process runs out of memory it can allocate and is killed.

The flaw was corrected in the [`parity-ws` fork](https://crates.io/crates/parity-ws) (&gt;0.10.0) by [disconnecting a client when the buffer runs full](https://github.com/housleyjk/ws-rs/pull/328).

See [advisory page](https://rustsec.org/advisories/RUSTSEC-2020-0043.html) for additional details.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUSTSEC-2020-0043: Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory #1

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Details
Package	`ws`
Version	`0.9.1`
URL	housleyjk/ws-rs#291
Date	2020-09-25

RUSTSEC-2020-0043: Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory #1

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions