CVE-2026-33151

Sažetak

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. This issue has been patched in versions 3.3.5, 3.4.4, and 4.2.6.

Reference

https://github.com/socketio/socket.io/commit/719f9ebab0772ffb882bd614b387e585c1aa75d4
https://github.com/socketio/socket.io/commit/9d39f1f080510f036782f2177fac701cc041faaf
https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78
https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

23-03-2026 - 14:32

Objavljeno

20-03-2026 - 21:17