CVE-2020-35896: Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory › RustSec Advisory Database
An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack.
RUSTSEC-2020-0043
Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory
Issued
September 25, 2020
Package
ws (crates.io)
Type
Vulnerability
Categories
- denial-of-service
Keywords
#websocket #dos #ddos #oom #memory #remotely
Aliases
- CVE-2020-35896
Details
https://github.com/housleyjk/ws-rs/issues/291
CVSS Score
7.5 HIGH
CVSS Details
Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Patched
no patched versions
Description
Affected versions of this crate did not properly check and cap the growth of the outgoing buffer.
This allows a remote attacker to take down the process from a single connection: by making the server queue outgoing data faster than the peer reads it, the buffer for that connection grows until the process can no longer allocate memory and is killed.
The flaw was corrected in the parity-ws fork (>=0.10.0) by disconnecting a client when the buffer runs full.
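As an added illustration (not code from ws or parity-ws), the following shows the unbounded outgoing-queue pattern beside a capped one that refuses further frames so the server can disconnect the peer, the mitigation the parity-ws fork applies. The type names `OutBuffer`, `BufferFull`, the `simulate` helper and the 64 KiB cap are hypothetical.

```rust
// Added example, not the ws crate's own types: a per-connection outgoing
// queue, optionally capped, to show why an uncapped queue is a remote OOM.
use std::collections::VecDeque;

/// Returned when a capped buffer would exceed its limit; the connection
/// handler treats this as "disconnect the peer" instead of growing further.
#[derive(Debug, PartialEq)]
pub struct BufferFull {
    pub limit: usize,
    pub needed: usize,
}

/// Hypothetical outgoing buffer: frames waiting for the socket to accept them.
pub struct OutBuffer {
    queue: VecDeque<Vec<u8>>,
    bytes: usize,
    cap: Option<usize>, // None reproduces the vulnerable, unbounded behaviour
}

impl OutBuffer {
    pub fn new(cap: Option<usize>) -> Self {
        OutBuffer { queue: VecDeque::new(), bytes: 0, cap }
    }

    /// Queue a frame. Uncapped, this always succeeds, so a peer that stops
    /// reading while provoking replies makes the buffer grow without limit.
    pub fn push(&mut self, frame: Vec<u8>) -> Result<(), BufferFull> {
        let needed = self.bytes + frame.len();
        if let Some(limit) = self.cap {
            if needed > limit {
                return Err(BufferFull { limit, needed });
            }
        }
        self.bytes = needed;
        self.queue.push_back(frame);
        Ok(())
    }

    /// Remove the oldest frame once the socket has written it, freeing space.
    pub fn pop_sent(&mut self) -> Option<Vec<u8>> {
        let frame = self.queue.pop_front()?;
        self.bytes -= frame.len();
        Some(frame)
    }

    pub fn len_bytes(&self) -> usize {
        self.bytes
    }
}

/// Simulate a peer that never reads: `frames` frames of `frame_len` bytes are
/// queued with nothing flushed. Returns the bytes held, or the point at which
/// a capped server would disconnect instead of allocating further.
pub fn simulate(frames: usize, frame_len: usize, cap: Option<usize>) -> Result<usize, BufferFull> {
    let mut buf = OutBuffer::new(cap);
    for _ in 0..frames {
        buf.push(vec![0u8; frame_len])?;
    }
    Ok(buf.len_bytes())
}
```

With a 64 KiB cap the 65th 1 KiB frame is refused and the handler can close the connection; without a cap the same loop simply keeps allocating.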