How severe is CVE-2022-41940?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-41940?

This is classified as CWE-248, which is a common weakness in software security.

CVE-2022-41940 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io package, including those who uses depending packages like socket.io. There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.

Related Vulnerabilities

CVE-2019-7474

MEDIUM

CVSS:6.5(Medium)

A vulnerability in SonicWall SonicOS and SonicOSv, allow authenticated read-only admin to leave the firewall in an unstable state by downloading certificate with specific extension. This vulnerability...

CWE-2482019

CVE-2020-27121

MEDIUM

CVSS:6.5(Medium)

A vulnerability in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) Software could allow an authenticated, remote attacker to cause the Cisco XCP Authentication Ser...

CWE-2482020

CVE-2021-36802

MEDIUM

CVSS:6.5(Medium)

Akaunting version 2.1.12 and earlier suffers from a denial-of-service issue that is triggered by setting a malformed 'locale' variable and sending it in an otherwise normal HTTP POST request. This iss...

CWE-2482021

CVE-2022-20761

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the integrated wireless access point (AP) packet processing of the Cisco 1000 Series Connected Grid Router (CGR1K) could allow an unauthenticated, adjacent attacker to cause a denia...

CWE-2482022

CVE-2023-22290

MEDIUM

CVSS:6.5(Medium)

Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access.

CWE-2482023

CVE-2023-25526

MEDIUM

CVSS:6.5(Medium)

NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit ma...

CWE-2482023