Candidate: CVE-2020-27813
PublicDate: 2020-12-02 01:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27813
 https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh
Description:
 An integer overflow vulnerability exists with the length of websocket
 frames received via a websocket connection. An attacker would use this
 flaw to cause a denial of service attack on an HTTP Server allowing
 websocket connections.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_golang-github-gorilla-websocket:
upstream_golang-github-gorilla-websocket: released (1.4.1)
precise/esm_golang-github-gorilla-websocket: DNE
trusty_golang-github-gorilla-websocket: ignored (out of standard support)
trusty/esm_golang-github-gorilla-websocket: DNE
xenial_golang-github-gorilla-websocket: DNE
bionic_golang-github-gorilla-websocket: DNE
focal_golang-github-gorilla-websocket: not-affected (1.4.1-2)
groovy_golang-github-gorilla-websocket: not-affected (1.4.1-2)
hirsute_golang-github-gorilla-websocket: not-affected (1.4.2-1)
impish_golang-github-gorilla-websocket: not-affected (1.4.2-1)
jammy_golang-github-gorilla-websocket: not-affected (1.4.2-1)
devel_golang-github-gorilla-websocket: not-affected (1.4.2-1)

Patches_golang-websocket:
 upstream: https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37
upstream_golang-websocket: released (1.4.1)
precise/esm_golang-websocket: DNE
trusty_golang-websocket: ignored (out of standard support)
trusty/esm_golang-websocket: DNE
xenial_golang-websocket: ignored (end of standard support, was needed)
esm-infra/xenial_golang-websocket: needed
bionic_golang-websocket: needed
focal_golang-websocket: needed
groovy_golang-websocket: ignored (reached end-of-life)
hirsute_golang-websocket: ignored (reached end-of-life)
impish_golang-websocket: needed
jammy_golang-websocket: needed
devel_golang-websocket: needed