High severity 7.5 · NVD Advisory · Published Aug 2, 2022 · Updated Jun 17, 2026
CVE-2022-25867
Description
The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with an invalid payload format.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.socket:socket.io-client (Maven) | < 2.0.1 | 2.0.1 |
Affected products
- io.socket/socket.io-client (description)
References
- github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b (nvd: Patch, Third Party Advisory; WEB)
- github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284 (nvd: Patch, Third Party Advisory; WEB)
- security.snyk.io/vuln/SNYK-JAVA-IOSOCKET-2949738 (nvd: Exploit, Issue Tracking, Patch, Release Notes, Third Party Advisory; WEB)
- github.com/advisories/GHSA-85xx-xhjm-rhrw (ghsa; ADVISORY)
- github.com/socketio/socket.io-client-java/issues/508%23issuecomment-1179817361 (nvd: Third Party Advisory; WEB)
- github.com/socketio/socket.io-client-java/releases/tag/socket.io-client-2.0.1 (nvd: Release Notes, Third Party Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2022-25867 (ghsa; ADVISORY)