CVE-2016-10518

CVSS v3 Score: 7.5 (High)
CVSS v2 Score: 5.0 (Medium)

Vulnerability Description

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. By default, the ping functionality responds with a pong frame carrying the payload of the ping frame it received. This is the expected behaviour, but internally ws always transforms the data it needs to send into a Buffer instance, and that is where the vulnerability existed: ws did not check the type of the data it was sending. In Node, when a Buffer is allocated from a number instead of a string, it allocates that number of bytes.
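The type confusion described above, shown beside a hardened conversion. This is an added example, not code from ws: the function names are hypothetical, and `Buffer.alloc()` stands in for the legacy number-as-size constructor behaviour so the demo only ever returns zeroed bytes.

```javascript
// Simplified model of the flaw; function names are hypothetical, not ws's API.

// Models the legacy Buffer constructor semantics the description refers to:
// a number is treated as a size, anything else as content.
// Assumption: Buffer.alloc() replaces the legacy call so the bytes are zeroed.
function legacyToBuffer(data) {
  if (typeof data === 'number') {
    return Buffer.alloc(data); // size taken from a caller-controlled value
  }
  return Buffer.from(String(data), 'utf8');
}

// RFC 6455 caps control frame (ping/pong) payloads at 125 bytes.
const MAX_CONTROL_PAYLOAD = 125;

// Hardened conversion: the payload is always content, never a size.
function safeToBuffer(data) {
  let buf;
  if (Buffer.isBuffer(data)) {
    buf = data;
  } else if (typeof data === 'string') {
    buf = Buffer.from(data, 'utf8');
  } else if (typeof data === 'number') {
    buf = Buffer.from(String(data), 'utf8'); // 1000 becomes "1000", 4 bytes
  } else {
    throw new TypeError('unsupported ping payload type: ' + typeof data);
  }
  if (buf.length > MAX_CONTROL_PAYLOAD) {
    throw new RangeError('control frame payload exceeds 125 bytes');
  }
  return buf;
}

// Size of the pong payload each conversion would produce for one input.
function comparePongSizes(payload) {
  return {
    legacy: legacyToBuffer(payload).length,
    safe: safeToBuffer(payload).length,
  };
}

// Constructed inputs: the same value as a string and as a number.
console.log(comparePongSizes('1000'));
console.log(comparePongSizes(1000));
```
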

CVSS:7.5(High)

A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and get it to reveal internal memory.

CVSS:7.5(High)

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 service is enabled, by default, with a pre-configured community string. This community string allows read-...

CVSS:7.5(High)

ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access ...

CVSS:7.5(High)

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was pos...

CVSS:7.5(High)

The "tokenKey" value used in user authorization is visible in the HTML source of the login page.

CVSS:7.5(High)

Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing. This issue affects REST Views: from 0.0.0 before 3.0.1.