GitHub_M·CWE-248·Published 2022-11-07
@fastify/websocket provides WebSocket support for Fastify. Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched. This has been patched in version 7.1.1 (fastify v4) and version 5.0.1 (fastify v3). There are currently no known workarounds. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions.
### Impact

Any application using @fastify/websocket could crash if a specific, malformed packet is sent. All versions of fastify-websocket are also impacted. That module is deprecated, so it will not be patched.

### Patches

This has been patched in v7.1.1 (fastify v4) and v5.0.1 (fastify v3).

### Workarounds

No known workaround is available. However, it should be possible to attach the error handler manually. The recommended path is upgrading to the patched versions.

## Credits

[marcolanaro](https://github.com/marcolanaro) for finding and patching this vulnerability

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [@fastify/websocket](https://github.com/fastify/fastify-websocket)
* Email us at [hello@matteocollina.com](mailto:hello@matteocollina.com)
| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 7.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | Primary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | Secondary | GHSA | 7.5 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| 3.1 | Secondary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |