What is CVE-2016-10542?

CVE-2016-10542 is a vulnerability in Hackerone Ws Node Module, classified under Uncontrolled Resource Consumption. Published 2018-05-31.

Is CVE-2016-10542 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Resource exhaustion in Hackerone Ws Node Module

CVE-2016-10542

ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node proce…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.661 (98.5th percentile) — read the EPSS interpretation.

Affected products

Hackerone Ws Node Module — versions <=1.1.0

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

Public proof-of-concept exploits

References

github.com/nodejs/node/issues/7388 (x_refsource_MISC)
nodesecurity.io/advisories/120 (x_refsource_MISC)

Frequently asked questions

What is CVE-2016-10542?: CVE-2016-10542 is a vulnerability in Hackerone Ws Node Module, classified under Uncontrolled Resource Consumption. Published 2018-05-31.
Is CVE-2016-10542 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.