{ "version": "1", "package": [ { "name": "socat-native", "layer": "meta", "version": "1.8.0.0", "products": [ { "product": "socat", "cvesInRecord": "Yes" } ], "issue": [ { "id": "CVE-2004-1484", "summary": "Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message.", "scorev2": "5.0", "scorev3": "0.0", "scorev4": "0.0", "vector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2004-1484" }, { "id": "CVE-2010-2799", "summary": "Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.", "scorev2": "6.8", "scorev3": "0.0", "scorev4": "0.0", "vector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2010-2799" }, { "id": "CVE-2012-0219", "summary": "Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address.", "scorev2": "6.2", "scorev3": "0.0", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2012-0219" }, { "id": "CVE-2013-3571", "summary": "socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.", "scorev2": "2.6", "scorev3": "0.0", "scorev4": "0.0", "vector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2013-3571" }, { "id": "CVE-2014-0019", "summary": "Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.", "scorev2": "1.9", "scorev3": "0.0", "scorev4": "0.0", "vector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2014-0019" }, { "id": "CVE-2015-1379", "summary": "The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).", "scorev2": "5.0", "scorev3": "7.5", "scorev4": "0.0", "vector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2015-1379" }, { "id": "CVE-2016-2217", "summary": "The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.", "scorev2": "5.0", "scorev3": "5.3", "scorev4": "0.0", "vector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2016-2217" }, { "id": "CVE-2024-54661", "summary": "readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.", "scorev2": "0.0", "scorev3": "9.8", "scorev4": "0.0", "vector": "NETWORK", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "Patched", "link": "https://nvd.nist.gov/vuln/detail/CVE-2024-54661" } ] } ] }