GMS-2016-2: Remote Memory Disclosure

January 4, 2016

When given a number instead of a string, the ping function sends a non zeroed buffer of the corresponding length which exposes memory to the recipient.

References

github.com/websockets/ws/releases/tag/1.0.1

Code Behaviors & Features

Detect and mitigate GMS-2016-2 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →