CVE-2023-32695 – DoS via Malformed Packet in socket.io-parser

Severity: Low

2025-08-05

Abstract

socket.io-parser is the encoding and decoding engine behind socket.io, used for serializing messages between clients and servers. In affected versions, a specially crafted packet could lead to an uncaught exception, causing the Node.js process to crash.

CVE-2023-32695 tracks this vulnerability, which was resolved in version 4.2.3 of socket.io-parser. Oxygen Content Fusion used this library as part of its real-time notification system.

Affected Products/Versions

| Product | Severity | Fixed Release Availability |
| --- | --- | --- |
| Oxygen Content Fusion v7.1 and older | Low | Oxygen Content Fusion 7.1 build 2024100818 |

Mitigation

None

Detail

CVE-2023-32695

Severity: High

CVSS Score: 7.5

Malformed packets could cause unhandled exceptions in the socket.io-parser, resulting in crashes of the Node.js process. This may temporarily disrupt real-time features.

In Oxygen Content Fusion, the real-time notification system is non-critical; if affected, users may experience a brief delay in updates until the process restarts.

Starting with Oxygen Content Fusion 7.1 build 2024100818, the vulnerable package has been updated, and notifications remain fully functional post-upgrade.