CVE-2026-54463
Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
17/07/2026
Last modified:
17/07/2026
Description
websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an indefinite sequence of 0x80 or higher bytes that the peer parses into an ever-growing Ruby integer. This can make a WebSocket connection consume an unbounded amount of memory and lead to the host process running out of memory. This issue is fixed in version 0.8.1.
Impact
Base Score 4.0
6.90
Severity 4.0
MEDIUM



