CVE-2022-25867

Name of the Vulnerable Software and Affected Versions io.socket:socket.io-client versions prior to 2.0.1

Description The issue is related to a NULL Pointer Dereference that occurs when parsing a packet with an invalid payload format. This can happen in the io.socket:socket.io-client package.

Recommendations For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider implementing input validation to ensure that only packets with valid payload formats are processed. Restrict access to the packet parsing functionality to minimize the risk of exploitation.