fastify/websocket vulnerable to uncaught exception via crash on malformed packet

Main / fastify/websocket vulnerable to uncaught exception via crash on malformed packet

Discription

### Impact

Any application using @fastify/websocket could crash if a specific, malformed packet is sent.

All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched.

### Patches

This has been patched in v7.1.1 (fastify v4) and v5.0.1 (fastify v3).

### Workarounds

No known workaround is available. However, it should be possible to attach the error handler manually.
The recommended path is upgrading to the patched versions.

## Credits

[marcolanaro](https://github.com/marcolanaro) for finding and patching this vulnerability

### For more information

If you have any questions or comments about this advisory:
* Open an issue in [@fastify/websocket](https://github.com/fastify/fastify-websocket)
* Email us at [[email protected]](mailto:[email protected])Read More

References

Back to Main

Subscribe for the latest news: