Moderate severityNVD Advisory· Published May 27, 2023· Updated Jan 13, 2025
Insufficient validation when decoding a Socket.IO packet
CVE-2023-32695
Description
socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
socket.io-parsernpm | >= 4.0.4, < 4.2.3 | 4.2.3 |
socket.io-parsernpm | >= 3.4.0, < 3.4.3 | 3.4.3 |
socket.io-parsernpm | < 3.3.4 | 3.3.4 |
Affected products
2- Range: >= 4.0.0, < 4.2.3
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-cqmj-92xf-r6r9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-32695ghsaADVISORY
- github.com/socketio/socket.io-parser/commit/1c220ddbf45ea4b44bc8dbf6f9ae245f672ba1b9ghsaWEB
- github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02cedghsax_refsource_MISCWEB
- github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3ghsax_refsource_MISCWEB
- github.com/socketio/socket.io-parser/commit/ee006607495eca4ec7262ad080dd3a91439a5ba4ghsaWEB
- github.com/socketio/socket.io-parser/releases/tag/4.2.3ghsax_refsource_MISCWEB
- github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.