PT-2022-15020 · Soketi · Soketi

Rennokki

Published

2022-01-07

Updated

2022-01-14

CVE-2022-21667

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions soketi versions prior to 0.24.1

Description The issue arises from an unhandled case when reading POST requests, which results in the server crashing if it could not read the body of a request. If a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with the Pusher Protocol, it will crash the server. All users that run the server are affected by this issue.

Recommendations To resolve the issue, update to at least version 0.24.1 or the latest version. There are no workarounds for this issue, and upgrading is the only solution.

Exploit

Fix

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-755

Related Identifiers

CVE-2022-21667

GHSA-86CH-6W7V-V6XF

Affected Products

Soketi

PT-2022-15020 · Soketi · Soketi

CVE-2022-21667

Weakness Enumeration

Related Identifiers

Affected Products

References · 9