CVE-2026-54465
websocket-driver: Memory exhaustion in HTTP header parser
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server() or to complement a WebSocket client, a peer can make a single connection consume an unbounded amount of memory by sending an HTTP request or response with a never-ending list of headers. This can lead to the receiving process running out of memory. This issue is fixed in version 0.8.1.
| CWE | CWE-770 |
| Vendor | faye |
| Product | websocket-driver-ruby |
| Published | Jul 17, 2026 |
Stay Ahead of the Next One
Get instant alerts for faye websocket-driver-ruby
Be the first to know when new unknown vulnerabilities affecting faye websocket-driver-ruby are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
faye / websocket-driver-ruby
< 0.8.1