CVE-2022-39386
fastify-websocket vulnerable to uncaught exception via crash on malformed packet
Public Exploits: 0
Exploited in Wild: -
Descriptions
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions.
SSVC
- Decision:-
Timeline
- 2022-09-02 CVE Reserved
- 2022-11-08 CVE Published
- 2024-05-31 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-248: Uncaught Exception
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/fastify/fastify-websocket/security/advisories/GHSA-4pcg-wr6c-h9cq | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Fastify | Websocket | >= 6.0.0 < 7.1.1 | node.js | Affected |
Fastify | Websocket | 5.0.0 | node.js | Affected |