Home

CVE-2018-1000518

Description

aaugustin websockets version 4 contains a CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Servers and clients, unless configured with compression=None that can result in Denial of Service by memory exhaustion. This attack appear to be exploitable via Sending a specially crafted frame on an established connection. This vulnerability appears to have been fixed in 5.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.155

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2018-1000518 are fixed in Python-websockets 5.0Windows
SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64.rpmLinux
SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python-zope.interface-debugsource-4.4.2-150000.3.4.1.x86_64.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-aiocontextvars-0.2.2-150100.3.3.3.x86_64.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-websockets-9.1-150100.3.3.3.x86_64.rpmLinux
SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-zope.interface-4.4.2-150000.3.4.1.x86_64.rpmLinux
SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) azure-cli-core-2.17.1-150100.6.18.1.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-avro-1.11.0-150100.3.3.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-constantly-15.1.0-150000.3.4.1.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-cryptography-vectors-3.3.2-150100.3.11.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-Deprecated-1.2.13-150100.3.3.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-humanfriendly-10.0-150100.6.3.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-hyperlink-17.2.1-150000.3.4.1.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-jsondiff-1.3.0-150100.3.6.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-knack-0.9.0-150100.3.7.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opencensus-0.8.0-150100.3.3.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opencensus-context-0.1.2-150100.3.3.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opencensus-ext-threading-0.1.2-150100.3.3.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opentelemetry-api-1.5.0-150100.3.3.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-PyGithub-1.43.5-150100.3.3.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Basesystem Module 15-SP4 ) python3-websocket-client-1.3.2-150100.6.7.3.noarch.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-aiocontextvars-0.2.2-150100.3.3.3.x86_64_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-websockets-9.1-150100.3.3.3.x86_64_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) azure-cli-core-2.17.1-150100.6.18.1.noarch_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-avro-1.11.0-150100.3.3.3.noarch_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-Deprecated-1.2.13-150100.3.3.3.noarch_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-humanfriendly-10.0-150100.6.3.3.noarch_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-jsondiff-1.3.0-150100.3.6.3.noarch_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-knack-0.9.0-150100.3.7.3.noarch_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opencensus-0.8.0-150100.3.3.3.noarch_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opencensus-context-0.1.2-150100.3.3.3.noarch_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opencensus-ext-threading-0.1.2-150100.3.3.3.noarch_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opentelemetry-api-1.5.0-150100.3.3.3.noarch_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-PyGithub-1.43.5-150100.3.3.3.noarch_15_SP3.rpmLinux
SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64_15_SP5.rpmLinux
SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python-zope.interface-debugsource-4.4.2-150000.3.4.1.x86_64_15_SP5.rpmLinux
SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-zope.interface-4.4.2-150000.3.4.1.x86_64_15_SP5.rpmLinux
SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64_15_SP5.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) azure-cli-core-2.17.1-150100.6.18.1.noarch_15_SP5.rpmLinux
SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-constantly-15.1.0-150000.3.4.1.noarch_15_SP5.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) python3-humanfriendly-10.0-150100.6.3.3.noarch_15_SP5.rpmLinux
SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-hyperlink-17.2.1-150000.3.4.1.noarch_15_SP5.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) python3-jsondiff-1.3.0-150100.3.6.3.noarch_15_SP5.rpmLinux
SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) python3-knack-0.9.0-150100.3.7.3.noarch_15_SP5.rpmLinux
SUSE-SU-2023:2783-1(Basesystem Module 15-SP5 ) python3-websocket-client-1.3.2-150100.6.7.3.noarch_15_SP5.rpmLinux
Vulnerabilities CVE-2018-1000518 are fixed in Python-websockets for linux 5.0Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234