CVE-2026-33151 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Sock…
High CVSS: 8.7

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. This issue has been patched in versions 3.3.5, 3.4.4, and 4.2.6.
Vendor
-
Product
-
CWE
CWE-20
Yayın Tarihi
2026-03-20 21:17:15
Güncelleme
2026-03-23 14:32:02
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-20 HIGH 2026

Referanslar

https://github.com/socketio/socket.io/commit/719f9ebab0772ffb882bd614b387e585c1aa75d4 https://github.com/socketio/socket.io/commit/9d39f1f080510f036782f2177fac701cc041faaf https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78 https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9