ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undicis ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.
Patches
Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.
Weakness
An exception is thrown from a function, but it is not caught.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Undici | Nodejs | * | 6.24.0 (excluding) |
| Undici | Nodejs | 7.0.0 (including) | 7.24.0 (excluding) |
| Cryostat 4 on RHEL 9 | RedHat | cryostat/cryostat-openshift-console-plugin-rhel9:4.2.0-9 | * |
| Cryostat 4 on RHEL 9 | RedHat | cryostat/cryostat-rhel9:4.2.0-9 | * |
| Red Hat Enterprise Linux 10 | RedHat | nodejs22-1:22.22.2-1.el10_1 | * |
| Red Hat Enterprise Linux 10 | RedHat | nodejs24-1:24.14.1-2.el10_1 | * |
| Red Hat Enterprise Linux 10.0 Extended Update Support | RedHat | nodejs22-1:22.22.2-2.el10_0 | * |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:22-8100020260331102257.6d880403 | * |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:24-8100020260408131901.6d880403 | * |
| Red Hat Enterprise Linux 9 | RedHat | nodejs:22-9070020260401095228.rhel9 | * |
| Red Hat Enterprise Linux 9 | RedHat | nodejs:24-9070020260402152654.rhel9 | * |
| Red Hat Enterprise Linux 9.6 Extended Update Support | RedHat | nodejs:22-9060020260409121057.rhel9 | * |
| Red Hat Developer Hub 1.8 | RedHat | rhdh/rhdh-hub-rhel9:1776784286 | * |
| Red Hat Developer Hub 1.9 | RedHat | rhdh/rhdh-hub-rhel9:1777903262 | * |
| Red Hat OpenShift AI 2.16 | RedHat | rhoai/odh-dashboard-rhel8:1774282136 | * |
| Red Hat OpenShift Dev Spaces 3.28 | RedHat | devspaces/code-rhel9:1779814592 | * |
| Red Hat OpenShift Pipelines 1.2 | RedHat | openshift-pipelines/pipelines-console-plugin-rhel9:1779910201 | * |