CVE-2022-21667
Last modified
CVE-2022-21667 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. EPSS estimates a 1.62% chance of exploitation in the next 30 days.
Description
soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with the Pusher Protocol, it will crash the server. All users that run the server are affected by this vulnerability and it's highly recommended to upgrade to the latest patch. There are no workarounds for this issue.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Soketi Project | Soketi | < 0.24.1 |
References
- https://github.com/soketi/soketi/commit/4b12efef9c31117c36a0a0f1c3aa32114e86364bPatch, Third Party Advisory
- https://github.com/soketi/soketi/releases/tag/0.24.1Release Notes, Third Party Advisory
- https://github.com/soketi/soketi/security/advisories/GHSA-86ch-6w7v-v6xfThird Party Advisory
- https://github.com/soketi/soketi/commit/4b12efef9c31117c36a0a0f1c3aa32114e86364bPatch, Third Party Advisory
- https://github.com/soketi/soketi/releases/tag/0.24.1Release Notes, Third Party Advisory
- https://github.com/soketi/soketi/security/advisories/GHSA-86ch-6w7v-v6xfThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-21667?
How severe is CVE-2022-21667?
How do I fix CVE-2022-21667?
Are you affected by CVE-2022-21667?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST