CVE-2022-21667

7.5 HIGH

📋 TL;DR

CVE-2022-21667 is a denial-of-service vulnerability in the soketi WebSockets server: sending a POST request with an empty body to any endpoint crashes the server. All soketi server users are affected, and unauthenticated attackers can trigger the crash remotely.

💻 Affected Systems

Products:
  • soketi
Versions: All versions before 0.24.1
Operating Systems: All platforms running soketi
Default Config Vulnerable: ⚠️ Yes
Notes: All soketi deployments are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption with the soketi server crashing, causing WebSocket connections to drop and requiring a manual restart.

🟠 Likely Case: Service disruption through repeated crashes, leading to availability issues for WebSocket-dependent applications.

🟢 If Mitigated: No impact if the patched version is deployed or if the server is not exposed to untrusted networks.

🌐 Internet-Facing: HIGH - Unauthenticated remote attackers can crash the server with a simple HTTP request.
🏢 Internal Only: MEDIUM - Internal attackers or misconfigured clients could still cause service disruption.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only sending a POST request with an empty body to any soketi endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.24.1

Vendor Advisory: https://github.com/soketi/soketi/security/advisories/GHSA-86ch-6w7v-v6xf

Restart Required: Yes

Instructions:

1. Stop the soketi server.
2. Update to version 0.24.1 or later using npm: 'npm update @soketi/soketi'.
3. Restart the soketi server.

🧯 If You Can't Patch

  • Place soketi behind a reverse proxy that filters POST requests with empty bodies.
  • Implement network segmentation to restrict access to soketi endpoints.

🔍 How to Verify

Check if Vulnerable:

Check whether the installed soketi version is below 0.24.1 with 'npm list @soketi/soketi', or check package.json.

Check Version:

npm list @soketi/soketi | grep soketi
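The version check above is easy to get wrong when scripted, because a plain string comparison orders "0.9.3" after "0.24.1". The following is an added example (not part of this advisory or of the soketi project) that parses the text output of 'npm list @soketi/soketi' or the specifier in package.json and compares it numerically against the patched version 0.24.1; the sample npm output is constructed, and the helper names are this example's own.

```python
import json
import re

PATCHED_VERSION = "0.24.1"  # first fixed release per the advisory

# Constructed sample of `npm list @soketi/soketi` text output (not real project output)
SAMPLE_NPM_LIST = """\
my-app@1.0.0 /srv/my-app
└── @soketi/soketi@0.23.0
"""


def parse_version(v):
    """Turn 'MAJOR.MINOR.PATCH' into a tuple of ints so comparison is numeric.

    Leading range operators (^, ~, =) and a 'v' prefix are stripped; a
    prerelease suffix such as '-beta.1' is ignored for this check.
    """
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", v.strip().lstrip("^~=v"))
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True when the given version is older than the patched 0.24.1."""
    return parse_version(version) < parse_version(PATCHED_VERSION)


def installed_soketi_version(npm_list_output):
    """Extract the installed @soketi/soketi version from `npm list` text output.

    Returns None if the package does not appear in the tree.
    """
    m = re.search(r"@soketi/soketi@(\S+)", npm_list_output)
    return m.group(1) if m else None


def declared_soketi_range(package_json_text):
    """Return the @soketi/soketi specifier from package.json (e.g. '^0.23.0') or None.

    This is only the declared range, not what is installed; the lower bound of
    the range being vulnerable does not prove the lockfile resolved to it, so
    prefer the `npm list` check where possible.
    """
    pkg = json.loads(package_json_text)
    for section in ("dependencies", "devDependencies"):
        spec = pkg.get(section, {}).get("@soketi/soketi")
        if spec:
            return spec
    return None


if __name__ == "__main__":
    v = installed_soketi_version(SAMPLE_NPM_LIST)
    print(f"installed: {v}, vulnerable: {is_vulnerable(v)}")
```

To use it against a real host, pipe the actual 'npm list @soketi/soketi' output into installed_soketi_version() instead of the constructed sample.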

Verify Fix Applied:

After patching, test by sending a POST request with an empty body to a soketi endpoint; the server should not crash.

📡 Detection & Monitoring

Log Indicators:

  • Server crash logs
  • Process termination messages
  • Unexpected soketi restarts

Network Indicators:

  • POST requests with Content-Length: 0 or empty body to soketi endpoints

SIEM Query:

source="soketi.log" AND ("crash" OR "terminated" OR "unhandled")
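The network and log indicators above become much more useful when correlated: an empty-body POST to a soketi endpoint followed within seconds by a crash-like log line is a strong signal, whereas either on its own may be noise. The following is an added example (not part of this advisory or of soketi) that applies the page's SIEM terms to server log lines, flags empty-body POSTs in reverse-proxy access logs, and pairs the two by timestamp. The access-log format, both sets of log lines, and the IP addresses are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed reverse-proxy access log lines in an assumed format:
#   <ISO8601 time> <client ip> "<method> <path> <proto>" <request Content-Length or '-'> <status>
ACCESS_LOG = """\
2022-01-10T12:00:01Z 198.51.100.7 "GET /apps/1234/channels HTTP/1.1" - 200
2022-01-10T12:00:02Z 198.51.100.7 "POST /apps/1234/events HTTP/1.1" 187 200
2022-01-10T12:00:05Z 203.0.113.5 "POST /apps/1234/events HTTP/1.1" 0 502
2022-01-10T12:00:09Z 203.0.113.5 "POST /apps/1234/events HTTP/1.1" - 502
""".splitlines()

# Constructed soketi / supervisor log lines (the page's source="soketi.log");
# the message wording is illustrative, not soketi's real output.
SERVER_LOG = """\
2022-01-10T12:00:00Z soketi listening on 0.0.0.0:6001
2022-01-10T12:00:05Z soketi unhandled exception while handling HTTP request
2022-01-10T12:00:06Z supervisor: soketi process terminated, restarting
2022-01-10T12:00:09Z soketi unhandled exception while handling HTTP request
""".splitlines()

ACCESS_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<clen>\S+) (?P<status>\d{3})$'
)
# Same terms as the page's SIEM query, matched case-insensitively
SIEM_TERMS = ("crash", "terminated", "unhandled")


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_access_line(line):
    """Parse one access-log line into a dict, or None if it does not match the format."""
    m = ACCESS_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = parse_ts(rec["ts"])
    # A missing Content-Length header ('-') is treated the same as an explicit 0
    rec["clen"] = 0 if rec["clen"] == "-" else int(rec["clen"])
    return rec


def empty_body_posts(lines):
    """Network indicator: POST requests whose body is empty (Content-Length 0 or absent)."""
    return [
        rec for rec in map(parse_access_line, lines)
        if rec and rec["method"] == "POST" and rec["clen"] == 0
    ]


def matches_siem_query(line):
    """Log indicator: True if the line contains any of the SIEM query terms."""
    low = line.lower()
    return any(term in low for term in SIEM_TERMS)


def crash_events(lines):
    """Return (timestamp, message) for every server log line matching the SIEM terms."""
    events = []
    for line in lines:
        if matches_siem_query(line):
            ts, _, msg = line.partition(" ")
            events.append((parse_ts(ts), msg))
    return events


def correlate(access_lines, server_lines, window_seconds=5):
    """Count, per source IP, empty-body POSTs followed by a crash-like log line
    within window_seconds. Each request is credited at most once."""
    crashes = crash_events(server_lines)
    hits = Counter()
    for req in empty_body_posts(access_lines):
        for ts, _ in crashes:
            if timedelta(0) <= ts - req["ts"] <= timedelta(seconds=window_seconds):
                hits[req["ip"]] += 1
                break
    return hits


if __name__ == "__main__":
    for ip, n in correlate(ACCESS_LOG, SERVER_LOG).items():
        print(f"{ip}: {n} empty-body POST(s) followed by a crash indicator")
```

The correlation window is deliberately short; an empty-body POST alone can also come from a misconfigured client, so alerting only when a crash indicator follows keeps the rule from firing on harmless traffic.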
