CVE-2020-13934 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Denial of service
Description	An issue has been found in Apache Tomcat before 8.5.57 and before 9.0.37, where the payload length in a WebSocket frame was not correctly validated. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1205	tomcat9	9.0.35-1	9.0.37-1	High	Fixed
AVG-1204	tomcat8	8.5.56-1	8.5.57-1	High	Fixed

References
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57 https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d

References

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.57
https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e
https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d