Description

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has been included in `[email protected]` (released in May 2023). The fix was backported in the 2.x branch as well with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the "error" event to catch these errors.

INFO

Published Date :

2024-06-19T19:48:50.193Z

Last Modified :

2024-09-03T20:35:40.515Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-38355 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-38355.

URL Resource
https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115 cve-icon cve-icon cve-icon
https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c cve-icon cve-icon cve-icon
https://github.com/socketio/socket.io/security/advisories/GHSA-25hc-qcg6-38wj cve-icon cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-38355 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-38355 cve-icon
https://www.vicarius.io/vsociety/posts/unhandled-exception-in-socketio-cve-2024-38355 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact