CVE-2022-25867
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-25867
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-25867.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-25867
- Aliases
- Published
- 2022-08-02T14:15:10.103Z
- Modified
- 2025-11-14T13:05:48.779899Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The package io.socket:socket.io-client before 2.0.1 are vulnerable to NULL Pointer Dereference when parsing a packet with with invalid payload format.
- References
-
- https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b
- https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284
- https://github.com/socketio/socket.io-client-java/issues/508%23issuecomment-1179817361
- https://github.com/socketio/socket.io-client-java/releases/tag/socket.io-client-2.0.1
- https://security.snyk.io/vuln/SNYK-JAVA-IOSOCKET-2949738
Affected packages
Git / github.com/socketio/socket.io-client-java
Affected ranges
- Type
- GIT
- Repo
- https://github.com/socketio/socket.io-client-java
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
socket.*
socket.io-client-0.1.0
socket.io-client-0.1.1
socket.io-client-0.1.2
socket.io-client-0.1.3
socket.io-client-0.2.0
socket.io-client-0.3.0
socket.io-client-0.4.0
socket.io-client-0.4.1
socket.io-client-0.4.2
socket.io-client-0.5.0
socket.io-client-0.5.1
socket.io-client-0.5.2
socket.io-client-0.6.0
socket.io-client-0.6.1
socket.io-client-0.6.2
socket.io-client-0.6.3
socket.io-client-0.7.0
socket.io-client-0.8.0
socket.io-client-0.8.1
socket.io-client-0.8.2
socket.io-client-0.8.3
socket.io-client-0.9.0
socket.io-client-1.0.0
socket.io-client-1.0.1
socket.io-client-2.0.0
Database specific
vanir_signatures
[
{
"digest": {
"length": 1481.0,
"function_hash": "155039469940386019455845258574245382871"
},
"target": {
"file": "src/main/java/io/socket/client/Manager.java",
"function": "onopen"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-0c60e5c5",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"330351884232202267787130115367427524289",
"155993963846029726483332803758760818666",
"114592027837759442858847963566984970371",
"222307447661280100408270271903855654644",
"103423697403334210056011945958265846995",
"137547804320678982160556888762110102990",
"51146656315081352513844048987420068213",
"144909829009410704598234761018204933459",
"276099171136506276147276727079541770177",
"63449750779681841472008540675864904823",
"108162716819168662831186691028501926094",
"191679573230260346888028769194634881468",
"110599488653969413567111566202875718249",
"180225986859128937346504401972119021574",
"191659189624514619283189434269158729290",
"58324916380185471841697235065884853567",
"206999450170448514940640278334497546156",
"51538874068723634485169658885875709659",
"110877718632102977348873291911019390309"
],
"threshold": 0.9
},
"target": {
"file": "src/main/java/io/socket/client/Manager.java"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-10215edb",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"digest": {
"length": 1117.0,
"function_hash": "323922742327221369151813226364361089600"
},
"target": {
"file": "src/main/java/io/socket/client/Manager.java",
"function": "onopen"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-11d95d84",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 408.0,
"function_hash": "70597917026141690223191826143879543719"
},
"target": {
"file": "src/test/java/io/socket/parser/ByteArrayTest.java",
"function": "encodeByteArrayDeepInJson"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-17929c9f",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"288603564831520194365938669999527539039",
"15443075338282085710766430325578478879",
"266807285816256519356564128641074790475",
"79059387198834139398806162249551166466",
"59437927496811949472673114489955237898",
"16378709719166551229015074467394304791",
"323592228835755047393068168514054313422",
"305923234698752830768282781185913101440",
"128335492556745160063143975696060537180",
"319295350110876249966077323512158804423",
"139106281154675989991554612194414760889",
"313201166436295185442082260814228928343",
"151983731337828388025729234043354048455",
"280033135824125570550515884858582018943",
"206808288277910031067639298856099572625",
"62857970291546491322099179329616852514",
"262714240699976427160528564632776152724",
"305693823433079522912660184665330671391",
"57917637913496150298032194618827208502",
"215779876998246325796626369424526735185",
"254568047225412264018822820763192925699",
"263547640131338004714259664119201732258",
"33384396784193127022364626030868101467",
"35031503367406367230514223571283468196",
"315976865793848207931550738648190072176",
"57142979980305532528152076017573460697",
"120184185082169093823677426798299070141"
],
"threshold": 0.9
},
"target": {
"file": "src/main/java/io/socket/parser/IOParser.java"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-2e76c8ad",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"digest": {
"length": 422.0,
"function_hash": "126427260856981178354654855963014288413"
},
"target": {
"file": "src/test/java/io/socket/parser/ParserTest.java",
"function": "decodeInError"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-337ee4a0",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 225.0,
"function_hash": "214337505465570388417814207362912847702"
},
"target": {
"file": "src/main/java/io/socket/client/Manager.java",
"function": "call"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-399f96e7",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"269189631608018628783737945980697426338",
"14573765729623747936242599497382791219",
"121968831759675192768773680298388720369"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/io/socket/parser/ParserTest.java"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-3f22d64a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"94238245849690055776733890512580557144",
"133180078831256950317618517356016286330",
"207213122397558494108283864262317668325",
"122112420187721558789573035827374519801",
"278349400367920235569251780410605594837",
"111243925653825356868851864485153641346",
"51276178502341892755256213176177859697",
"301879898753269044612955752157856234181",
"208969016493228184399890410996416840831",
"334968619380632054071134232732141638101",
"246979572431205016719624711003798763871",
"250873568270127772824705796117157112366",
"274836480468834754093088942119916639064",
"136393982015616001105975997591502370107",
"41318188878015176963742778849741880103",
"334756858996575686001027776685538125597"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/io/socket/parser/Helpers.java"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-40491f46",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"digest": {
"length": 69.0,
"function_hash": "178710714199927938745323101480645028447"
},
"target": {
"file": "src/test/java/io/socket/parser/Helpers.java",
"function": "call"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-441798ac",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 1879.0,
"function_hash": "92422203340474926550443281726311871988"
},
"target": {
"file": "src/main/java/io/socket/parser/IOParser.java",
"function": "decodeString"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-48de5bde",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 1761.0,
"function_hash": "22618327027185820300069513878694498163"
},
"target": {
"file": "src/main/java/io/socket/parser/IOParser.java",
"function": "decodeString"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-4b628a7a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 225.0,
"function_hash": "214337505465570388417814207362912847702"
},
"target": {
"file": "src/main/java/io/socket/client/Manager.java",
"function": "call"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-4f0444fb",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 173.0,
"function_hash": "112944683551038721855475404685985638829"
},
"target": {
"file": "src/test/java/io/socket/parser/ByteArrayTest.java",
"function": "encodeByteArray2"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-5238eeb5",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"222307447661280100408270271903855654644",
"103423697403334210056011945958265846995",
"137547804320678982160556888762110102990",
"51146656315081352513844048987420068213",
"144909829009410704598234761018204933459",
"276099171136506276147276727079541770177",
"63449750779681841472008540675864904823",
"175677854661775611010073699219686998153",
"265104162537027909692604566300869247930",
"60384799861684396923173736554915127837",
"233079271236022527809654550124577392988",
"334353022424261598672514272424357292303",
"43564047231554041310739841207344903156",
"179490372741552773864707043236110188484",
"62297084573142657499941013054959228120",
"294842843886522386085322210674637276723",
"329373301809027826999721196839753302178",
"90572213038040735274262416326019841552",
"334353022424261598672514272424357292303",
"43564047231554041310739841207344903156",
"179490372741552773864707043236110188484",
"169023894476189725511837481431359229812",
"221804436680520198239341253726436398625",
"110877718632102977348873291911019390309"
],
"threshold": 0.9
},
"target": {
"file": "src/main/java/io/socket/client/Manager.java"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-560a7467",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"digest": {
"length": 168.0,
"function_hash": "204166515592920553489127799559742805006"
},
"target": {
"file": "src/test/java/io/socket/parser/ByteArrayTest.java",
"function": "encodeByteArray2"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-58d1d44d",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 296.0,
"function_hash": "188005209971846718456536144872794840639"
},
"target": {
"file": "src/test/java/io/socket/parser/ByteArrayTest.java",
"function": "encodeDeepBinaryJSONWithNullValue"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-5a2e8dcd",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"94238245849690055776733890512580557144",
"133180078831256950317618517356016286330",
"277847541832062921134866598232159840774",
"210925262936132139554181240305776883598",
"195901139841702013903746216719160945339",
"133308813231207924035976929120450225049",
"106500292322008705824168062070608356540",
"3798448105526232460118391810149751431",
"324612372480211175524652808820054762788",
"70512390123679233209389854772796755253",
"312760577539159460909843129029185828827",
"247549691444917315111388294769195213511",
"106986818169959903001451311777231406742",
"324101447060866546129328860568813000341",
"12084278803998680857896914580904209778",
"231502664823332809976503690176763191944",
"110484007297038872466533763167873141364",
"136709469045096277873884578854727507534",
"86553291645369550712612845325477687057",
"161879002293776870660578428814178915038",
"258032804909825627144766731609201621432",
"81774182557928218687309435088553573650",
"32039212388845050715134370557838681118",
"246511126125611105686653069270469266869",
"40633985980171446033766331823318661445",
"109212433362270783226740382652215573746",
"307445133452431518988712725339401914366",
"198094818745506945232646406054350312292",
"158959541403471124445477622941279250794",
"94252167666969432427833898555347044100",
"127618413627684259171771024159499929252",
"153761612230287572655742427907461266632",
"137959505591415166735754348134779230847"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/io/socket/parser/ByteArrayTest.java"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-5fb73e12",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"digest": {
"length": 206.0,
"function_hash": "31593748012692812889959604266787137477"
},
"target": {
"file": "src/test/java/io/socket/parser/ByteArrayTest.java",
"function": "encodeByteArray"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-6302fdb8",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 72.0,
"function_hash": "199816967162229504358665127724796251189"
},
"target": {
"file": "src/main/java/io/socket/client/Manager.java",
"function": "ondata"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-663f63f9",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 72.0,
"function_hash": "199816967162229504358665127724796251189"
},
"target": {
"file": "src/main/java/io/socket/client/Manager.java",
"function": "ondata"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-8fbeb5b0",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 422.0,
"function_hash": "126427260856981178354654855963014288413"
},
"target": {
"file": "src/test/java/io/socket/parser/ParserTest.java",
"function": "decodeInError"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-93e43e72",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 138.0,
"function_hash": "178256102899245578013219693735217509739"
},
"target": {
"file": "src/main/java/io/socket/client/Manager.java",
"function": "ondata"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-960230e6",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 68.0,
"function_hash": "332180544957537797100064154126508377303"
},
"target": {
"file": "src/main/java/io/socket/parser/IOParser.java",
"function": "error"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-b9a5c01a",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"94238245849690055776733890512580557144",
"133180078831256950317618517356016286330",
"277847541832062921134866598232159840774",
"210925262936132139554181240305776883598",
"195901139841702013903746216719160945339",
"133308813231207924035976929120450225049",
"106500292322008705824168062070608356540",
"3798448105526232460118391810149751431",
"324612372480211175524652808820054762788",
"279955952037762226704836918190727644072",
"71359213420542349620598470962533381188",
"338686438415964209792006857260363586849",
"171926862043464394639632938663201224107",
"12084278803998680857896914580904209778",
"288420503210052451976253847414604436468",
"153189052179132598341476071698655762081",
"11277500507056154793546597225265752548",
"103768160822141730253795347311758407196",
"161879002293776870660578428814178915038",
"258032804909825627144766731609201621432",
"81774182557928218687309435088553573650",
"32039212388845050715134370557838681118",
"326804524966583022787943353315274487042",
"326564268665324641843343098171175736432",
"112508828094635244235154492418677453490",
"77346130834140025449674242945035406115",
"198094818745506945232646406054350312292",
"158959541403471124445477622941279250794",
"210987834582175452421955818569567764719",
"28377400541050044022708811860014928183",
"147131802310384635435553080240682315863",
"119182149109773169623989132681692119653"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/io/socket/parser/ByteArrayTest.java"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-ccfcd446",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"digest": {
"line_hashes": [
"288603564831520194365938669999527539039",
"15443075338282085710766430325578478879",
"266807285816256519356564128641074790475",
"204087852258886317367644981924637591548",
"81301933382191975383967456894446684033",
"305918127084691962467330016408346751785",
"63787025206940967262287090865913626892",
"315976865793848207931550738648190072176",
"57142979980305532528152076017573460697",
"120184185082169093823677426798299070141"
],
"threshold": 0.9
},
"target": {
"file": "src/main/java/io/socket/parser/IOParser.java"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-d19542d3",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"digest": {
"length": 403.0,
"function_hash": "862704848921722933330526036219367124"
},
"target": {
"file": "src/test/java/io/socket/parser/ByteArrayTest.java",
"function": "encodeByteArrayDeepInJson"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-dc5f47b3",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 262.0,
"function_hash": "309278589394794552611978371824915736461"
},
"target": {
"file": "src/test/java/io/socket/parser/Helpers.java",
"function": "testDecodeError"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-dd29aeb0",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 211.0,
"function_hash": "184130053973997845548317344239987455514"
},
"target": {
"file": "src/test/java/io/socket/parser/ByteArrayTest.java",
"function": "encodeByteArray"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-e58cd2b9",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"length": 138.0,
"function_hash": "178256102899245578013219693735217509739"
},
"target": {
"file": "src/main/java/io/socket/client/Manager.java",
"function": "ondata"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-efaa3a2f",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"digest": {
"line_hashes": [
"269189631608018628783737945980697426338",
"14573765729623747936242599497382791219",
"121968831759675192768773680298388720369"
],
"threshold": 0.9
},
"target": {
"file": "src/test/java/io/socket/parser/ParserTest.java"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/e8ffe9d1383736f6a21090ab959a2f4fa5a41284",
"id": "CVE-2022-25867-f7bfbd3e",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"digest": {
"length": 291.0,
"function_hash": "175086423678421437849067288517186540843"
},
"target": {
"file": "src/test/java/io/socket/parser/ByteArrayTest.java",
"function": "encodeDeepBinaryJSONWithNullValue"
},
"source": "https://github.com/socketio/socket.io-client-java/commit/8664499b6f31154f49783531f778dac5387b766b",
"id": "CVE-2022-25867-ff56a16e",
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
]