CVE-2024-38355
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-38355
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-38355.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-38355
- Aliases
- Related
- Published
- 2024-06-19T20:15:11Z
- Modified
- 2024-10-08T04:15:29.363194Z
- Summary
- [none]
- Details
-
Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit
15af22fc22which has been included insocket.io@4.6.2(released in May 2023). The fix was backported in the 2.x branch as well with commitd30630ba10. Users are advised to upgrade. Users unable to upgrade may attach a listener for the "error" event to catch these errors. - References
Affected packages
Git / github.com/socketio/socket.io
Affected ranges
- Type
- GIT
- Repo
- https://github.com/socketio/socket.io
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.7.0
0.7.1
0.7.10
0.7.11
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.9.0
0.9.1
0.9.1-1
0.9.10
0.9.11
0.9.12
0.9.2
0.9.3
0.9.4
0.9.5
0.9.7
0.9.8
0.9.9
1.*
1.0.0
1.0.0-pre
1.0.0-pre2
1.0.0-pre3
1.0.0-pre4
1.0.0-pre5
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.1.0
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.5.0
1.5.1
1.6.0
1.7.0
1.7.1
1.7.2
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.1.0
2.1.1
2.2.0
2.3.0
2.4.0
2.4.1
2.5.0
3.*
3.0.0
3.0.0-rc1
3.0.0-rc2
3.0.0-rc3
3.0.0-rc4
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.1.0
3.1.1
3.1.2
4.*
4.0.0
4.0.1
4.0.2
4.1.0
4.1.1
4.1.2
4.1.3
4.2.0
4.3.0
4.3.1
4.3.2
4.4.0
4.4.1
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.6.0
4.6.0-alpha1
4.6.1