Zurück zur CVE-Übersicht
CVE-2026-45736
MEDIUM(4.4)CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Risk Signal Score11/100 — NIEDRIG
- CVSS 4.4 — Mittel
EPSS-Score
1%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
4.4
Technische Schwere
Beschreibung
ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1.
GitHub Advisories
Referenzen
- https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086
- https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx
- https://access.redhat.com/errata/RHSA-2026:26638
- https://access.redhat.com/errata/RHSA-2026:26994
- https://access.redhat.com/errata/RHSA-2026:27171
- https://access.redhat.com/errata/RHSA-2026:29197
- https://access.redhat.com/errata/RHSA-2026:33574
- https://access.redhat.com/errata/RHSA-2026:34374
- https://access.redhat.com/errata/RHSA-2026:36754
- https://access.redhat.com/errata/RHSA-2026:36820