PT-2021-11910 · Unknown · Socket.Io-Parser

Bcaller

Published

2021-01-07

Updated

2021-07-21

CVE-2020-36049

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: socket.io-parser versions prior to 3.4.1

Description: The issue allows attackers to cause a denial of service due to memory consumption via a large packet, as a concatenation approach is used.

Recommendations: For versions prior to 3.4.1, update to version 3.4.1 or later to resolve the issue.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-400

Related Identifiers

AZL-45030

CVE-2020-36049

GHSA-XFHH-G9F5-X4M4

Affected Products

Socket.Io-Parser

PT-2021-11910 · Unknown · Socket.Io-Parser

CVE-2020-36049

Weakness Enumeration

Related Identifiers

Affected Products

References · 17