2 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). Las implementaciones del manejador de señal en socat, versiones anteriores a la 1.7.3.0 y a la 2.0.0-b8 permiten a atacantes remotos causar una denegación de servicio (bloqueo o caída de proceso). • http://www.dest-unreach.org/socat http://www.openwall.com/lists/oss-security/2015/01/27/19 http://www.openwall.com/lists/oss-security/2015/04/06/4 http://www.securityfocus.com/bid/72321 https://bugzilla.redhat.com/show_bug.cgi?id=1185711 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 2%CPEs: 16EXPL: 3

Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message. • https://www.exploit-db.com/exploits/591 http://secunia.com/advisories/12936 http://www.dest-unreach.org/socat/advisory/socat-adv-1.html http://www.gentoo.org/security/en/glsa/glsa-200410-26.xml http://www.nosystem.com.ar/advisories/advisory-07.txt http://www.securityfocus.com/bid/11505 https://exchange.xforce.ibmcloud.com/vulnerabilities/17822 •