{"id":"CVE-2016-10542","details":"ws is a \"simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455\". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.","aliases":["GHSA-6663-c963-2gqg"],"modified":"2026-04-10T03:50:18.798202Z","published":"2018-05-31T20:29:01.550Z","references":[{"type":"ADVISORY","url":"https://nodesecurity.io/advisories/120"},{"type":"REPORT","url":"https://github.com/nodejs/node/issues/7388"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/websockets/ws","events":[{"introduced":"0"},{"last_affected":"4263f26d4dbe27e781c41a1ddfe3dab87dd9e1dc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.1.0"}]}}],"versions":["0.4.32","0.5.0","0.6","0.6.2","0.6.3","0.6.4","0.6.5","0.7","0.7.1","0.7.2","0.8.0","0.8.1","1.0.0","1.0.1","1.1.0","v0.0.1","v0.0.2","v0.0.3","v0.0.4","v0.1.0","v0.1.1","v0.1.2","v0.2.0","v0.2.5","v0.2.6","v0.2.7","v0.2.8","v0.2.9","v0.3.0","v0.3.2","v0.3.3","v0.3.4","v0.3.4-2","v0.3.5","v0.3.5-2","v0.3.5-3","v0.3.5-4","v0.3.6","v0.3.7","v0.3.8","v0.3.9","v0.4.0","v0.4.1","v0.4.10","v0.4.11","v0.4.12","v0.4.13","v0.4.14","v0.4.15","v0.4.16","v0.4.17","v0.4.18","v0.4.19","v0.4.2","v0.4.20","v0.4.21","v0.4.22","v0.4.23","v0.4.24","v0.4.25","v0.4.27","v0.4.28","v0.4.29","v0.4.3","v0.4.30","v0.4.31","v0.4.4","v0.4.5","v0.4.6","v0.4.7","v0.4.8","v0.4.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10542.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}