CVE-2020-36049

Опубликовано: 08 янв. 2021

Источник: debian

EPSS Низкий

Описание

socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-socket.io-parser	fixed	3.4.1-1		package
node-socket.io-parser	no-dsa		buster	package

Примечания

https://blog.caller.xyz/socketio-engineio-dos/
https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55

EPSS

Процентиль: 67%

0.00528

Низкий

Связанные уязвимости

CVE-2020-36049

CVSS3: 7.5

ubuntu

около 5 лет назад

socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

CVE-2020-36049

CVSS3: 7.5

redhat

около 6 лет назад

socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

CVE-2020-36049

CVSS3: 7.5

nvd

около 5 лет назад

socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

GHSA-xfhh-g9f5-x4m4

CVSS3: 7.5

github

больше 4 лет назад

Resource exhaustion in socket.io-parser

EPSS

Процентиль: 67%

0.00528

Низкий