Lucene search

GoogleOSV:CVE-2022-25867

HistoryAug 02, 2022 - 2:15 p.m.

CVE-2022-25867

2022-08-0214:15:10

Google

osv.dev

null pointer dereference

packet parsing

invalid payload format

software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

60.8%

JSON

The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.

References

github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b

github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284

github.com/socketio/socket.io-client-java/issues/508%23issuecomment-1179817361

github.com/socketio/socket.io-client-java/releases/tag/socket.io-client-2.0.1

security.snyk.io/vuln/SNYK-JAVA-IOSOCKET-2949738

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

60.8%

JSON

Related for OSV:CVE-2022-25867