VYPR
Moderate severity · NVD Advisory · Published May 27, 2023 · Updated Jan 13, 2025

Insufficient validation when decoding a Socket.IO packet

CVE-2023-32695

Description

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| socket.io-parser | npm | >= 4.0.4, < 4.2.3 | 4.2.3 |
| socket.io-parser | npm | >= 3.4.0, < 3.4.3 | 3.4.3 |
| socket.io-parser | npm | < 3.3.4 | 3.3.4 |
