Medium severity5.9NVD Advisory· Published May 31, 2018· Updated Jun 17, 2026
CVE-2016-10544
CVE-2016-10544
Description
uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility used compression will shrink said 256mb down to less than 16mb of websocket payload which passes the length check of 16mb payload. This data will then inflate up to 256mb and crash the node process by exceeding V8's maximum string size. This affects uws >=0.10.0 <=0.10.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
uwsnpm | >= 0.10.0, < 0.10.9 | 0.10.9 |
Affected products
2- Range: >=0.10.0 <=0.10.8
Patches
Vulnerability mechanics
References
5- github.com/uWebSockets/uWebSockets/commit/37deefd01f0875e133ea967122e3a5e421b8fcd9nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-hf5h-hh56-3vrgghsaADVISORY
- nodesecurity.io/advisories/149nvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2016-10544ghsaADVISORY
- www.npmjs.com/advisories/149ghsaWEB
News mentions
0No linked articles in our index yet.