SUSE: CVE-2024-38355: SUSE Linux Security Advisory

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: Oct 29, 2024
Added: Dec 5, 2025
Modified: Dec 5, 2025

Description

Socket.IO is an open source, real-time, bidirectional, event-based communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22`, which is included in `socket.io@4.6.2` (released in May 2023). The fix was also backported to the 2.x branch with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the "error" event to catch these errors.
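
The workaround relies on standard Node.js behaviour: an `EventEmitter` that emits "error" with no listener attached throws. The added example below (not code from the advisory or the Socket.IO project) shows the difference using plain `EventEmitter` stand-ins for the server and socket; on a real server the same `io.on("connection", ...)` and `socket.on("error", ...)` calls apply. The names `attachErrorGuard`, `deliverBadPacket` and `demo` are hypothetical, and the error message is constructed.

```javascript
// Added example: stand-ins built on Node's EventEmitter, no socket.io dependency.
const { EventEmitter } = require("node:events");

// Workaround from the advisory: give every connected socket an "error" listener
// so the error is logged instead of surfacing as an uncaught exception.
function attachErrorGuard(io, log) {
  io.on("connection", (socket) => {
    socket.on("error", (err) => {
      log.push({ id: socket.id, message: String((err && err.message) || err) });
    });
  });
}

// Hypothetical helper: simulates an "error" event being raised on a socket.
// Returns "crashed" when the emit throws (on a live server nothing would catch
// it, so the process would exit) and "survived" otherwise.
function deliverBadPacket(socket) {
  try {
    socket.emit("error", new Error("invalid packet (constructed)"));
    return "survived";
  } catch (e) {
    return "crashed";
  }
}

function demo() {
  const log = [];

  // No listener attached: EventEmitter throws on "error".
  const bare = Object.assign(new EventEmitter(), { id: "s1" });
  const unguarded = deliverBadPacket(bare);

  // Workaround applied at connection time.
  const io = new EventEmitter();
  attachErrorGuard(io, log);
  const guardedSocket = Object.assign(new EventEmitter(), { id: "s2" });
  io.emit("connection", guardedSocket);
  const guarded = deliverBadPacket(guardedSocket);

  return { unguarded, guarded, log };
}

console.log(demo());
```

The listener is a stopgap for hosts that cannot upgrade; logging the socket id also gives operations a record of which connections are sending packets that raise errors.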

Solutions

suse-upgrade-pgadmin4
suse-upgrade-pgadmin4-cloud
suse-upgrade-pgadmin4-desktop
suse-upgrade-pgadmin4-doc
suse-upgrade-pgadmin4-web-uwsgi
suse-upgrade-system-user-pgadmin