CVE-2026-54463
websocket-driver: Memory exhaustion via abuse of protocol length headers
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, draft versions of the WebSocket protocol in websocket-driver include a length header that allows an arbitrarily large integer to be encoded as bytes with the high bit set, and a server or client can send an indefinite sequence of 0x80 or higher bytes that the peer parses into an ever-growing Ruby integer. This can make a WebSocket connection consume an unbounded amount of memory and lead to the host process running out of memory. This issue is fixed in version 0.8.1.
| CWE | CWE-770 |
| Vendor | faye |
| Product | websocket-driver-ruby |
| Published | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for faye websocket-driver-ruby
Be the first to know when new unknown vulnerabilities affecting faye websocket-driver-ruby are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
faye / websocket-driver-ruby
< 0.8.1