CVE-2020-36049

Опубликовано: 08 янв. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

Ссылки

https://blog.caller.xyz/socketio-engineio-dos/
Exploit
Third Party Advisory
https://github.com/bcaller/kill-engine-io
Third Party Advisory
https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55
Patch
Third Party Advisory
https://blog.caller.xyz/socketio-engineio-dos/
Exploit
Third Party Advisory
https://github.com/bcaller/kill-engine-io
Third Party Advisory
https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*

Версия до 3.4.1 (исключая)

EPSS

Процентиль: 67%

0.00528

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770

Связанные уязвимости

CVE-2020-36049

CVSS3: 7.5

ubuntu

около 5 лет назад

socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

CVE-2020-36049

CVSS3: 7.5

redhat

около 6 лет назад

socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

CVE-2020-36049

CVSS3: 7.5

debian

около 5 лет назад

socket.io-parser before 3.4.1 allows attackers to cause a denial of se ...

GHSA-xfhh-g9f5-x4m4

CVSS3: 7.5

github

больше 4 лет назад

Resource exhaustion in socket.io-parser

EPSS

Процентиль: 67%

0.00528

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-770