CVE-2023-32695
Summary
| CVE | CVE-2023-32695 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-05-27 16:15:00 UTC |
|---|
| Updated | 2023-06-05 15:54:00 UTC |
|---|
| Description | socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Release 4.2.3 · socketio/socket.io-parser · GitHub |
MISC |
github.com |
|
| fix: check the format of the event name · socketio/socket.io-parser@2dc3c92 · GitHub |
MISC |
github.com |
|
| Insufficient validation when decoding a Socket.IO packet · Advisory · socketio/socket.io-parser · GitHub |
MISC |
github.com |
|
| fix: check the format of the event name · socketio/socket.io-parser@3b78117 · GitHub |
MISC |
github.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 182510 Debian Security Update for node-socket.io-parser (CVE-2023-32695)
