Uncaught Exception

CVE-2023-32695

High

7.5/10

Summary

A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue affects socket.io-parser versions 3.1.3 prior to 3.4.3, and 4.0.0 prior 4.2.3

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-248 - Uncaught Exception

An exception is thrown from a function, but it is not caught.

References

Advisory

Advisory Timeline

Published May 22, 2023

Uncaught Exception

CVE-2023-32695

Summary

CWE-248 - Uncaught Exception

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS