Buffer overflow in Dest-unreach Socat
CVE-2014-0019
Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.
Vulnerability class: Buffer Overflow
EPSS: 0.004 (32.2th percentile) — read the EPSS interpretation.
Affected products
- Dest-unreach Socat — versions 2.0.0, 1.3.0.0, 1.3.0.1
- Fedoraproject Fedora — versions 19, 20
- Opensuse — versions 13.1
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (vendor-advisory, x_refsource_FEDORA, Third Party Advisory)
- secalert@redhat.com (vendor-advisory, x_refsource_MANDRIVA, Broken Link)
- secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_OSVDB, vdb-entry, Broken Link)
- secalert@redhat.com (mailing-list, x_refsource_MLIST, Patch, VDB Entry, Third Party Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- secalert@redhat.com (Third Party Advisory, x_refsource_MISC)
- secalert@redhat.com (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- secalert@redhat.com (vendor-advisory, x_refsource_FEDORA, Third Party Advisory)