Lucene search
Veracode Vulnerability DatabaseVERACODE:40697HistoryMay 26, 2023 - 6:07 a.m.
Denial Of Service (DoS)
2023-05-2606:07:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
denial of service
socket.io
validation
node.js
vulnerability
0.003 Low
EPSS
Percentile
65.4%
socket.io-parser is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to trigger an uncaught exception on the Socket.IO server due to insufficient validation when decoding a Socket.IO packet, causing the application to crash by killing the Node.js process.
References
github.com/advisories/GHSA-cqmj-92xf-r6r9
github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced
github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3
github.com/socketio/socket.io-parser/releases/tag/4.2.3
github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9
Related
osv
osv
Insufficient validation when decoding a Socket.IO packet
2023-05-23 19:55:13
CVE-2023-32695
2023-05-27 16:15:09
nvd
nvd
CVE-2023-32695
2023-05-27 16:15:09
github
github
Insufficient validation when decoding a Socket.IO packet
2023-05-23 19:55:13
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to [CVE-2023-32695]
2023-06-27 11:19:49
ubuntucve
ubuntucve
CVE-2023-32695
2023-05-27 00:00:00
prion
prion
Design/Logic Flaw
2023-05-27 16:15:00
debiancve
debiancve
CVE-2023-32695
2023-05-27 16:15:09
cve
cve
CVE-2023-32695
2023-05-27 16:15:09
cvelist
cvelist
CVE-2023-32695 Insufficient validation when decoding a Socket.IO packet
2023-05-27 15:44:03