CVE Reference: CVE-2010-1766

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2010-1766

Description:
Off-by-one error in the WebSocketHandshake::readServerHandshake function in websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380, as used in Qt and other products, allows remote websockets servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an upgrade header that is long and invalid.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/USN-1006-1

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

SAID
  Secunia Advisory: SA43068
  Secunia Advisory: SA40557
  Secunia Advisory: SA41856

MANDRIVA
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

FEDORA
  http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044031.html
  http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044023.html

CONFIRM
  http://trac.webkit.org/changeset/56380


Return to the previous page.