Description
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8.
Remediation
References
https://nodesecurity.io/advisories/149
https://github.com/uWebSockets/uWebSockets/commit/37deefd01f0875e133ea967122e3a5e421b8fcd9
Related Vulnerabilities
CVE-2022-29546 Vulnerability in maven package net.sourceforge.htmlunit:neko-htmlunit
CVE-2021-27738 Vulnerability in maven package org.apache.kylin:kylin-stream-coordinator
CVE-2020-25711 Vulnerability in maven package org.infinispan:infinispan-server-runtime