7.5
CVE-2020-27813
- EPSS 0.18%
- Published 02.12.2020 01:15:12
- Last modified 21.11.2024 05:21:51
- Source secalert@redhat.com
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections.
Data is provided by the National Vulnerability Database (NVD)
Gorillatoolkit ≫ Websocket Version < 1.4.1
Debian ≫ Debian Linux Version 9.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.359 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.