GoogleOSV:GHSA-85XX-XHJM-RHRWSocket.IO-client Java before 2.0.1 vulnerable to NULL Pointer Dereference
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
60.8%
The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.
References
github.com/socketio/socket.io-client-java
github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b
github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284
github.com/socketio/socket.io-client-java/issues/508%23issuecomment-1179817361
github.com/socketio/socket.io-client-java/releases/tag/socket.io-client-2.0.1
nvd.nist.gov/vuln/detail/CVE-2022-25867
security.snyk.io/vuln/SNYK-JAVA-IOSOCKET-2949738
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
60.8%