Description
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.
An uncontrolled resource consumption vulnerability was found in socket.io-parser. If an attacker crafts a packet with a very large payload length, this can cause the parser to consume an ever-increasing amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | system | Affected | | |
| Red Hat Quay 3 | quay/quay-builder-qemu-rhcos-rhel8 | Not affected | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Fix deferred | | |
Additional information
Status:
7.5 High
CVSS3