4 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). Las implementaciones del manejador de señal en socat, versiones anteriores a la 1.7.3.0 y a la 2.0.0-b8 permiten a atacantes remotos causar una denegación de servicio (bloqueo o caída de proceso). • http://www.dest-unreach.org/socat http://www.openwall.com/lists/oss-security/2015/01/27/19 http://www.openwall.com/lists/oss-security/2015/04/06/4 http://www.securityfocus.com/bid/72321 https://bugzilla.redhat.com/show_bug.cgi?id=1185711 • CWE-20: Improper Input Validation •

CVSS: 1.9EPSS: 0%CPEs: 35EXPL: 0

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line. Desbordamiento de buffer basado en pila en Socat 1.3.0.0 hasta 1.7.2.2 y 2.0.0-b1 hasta 2.0.0-b6 permite a usuarios locales causar una denegación de servicio (fallo de segmentación) a través de un nombre de servidor largo en la dirección PROXY-CONNECT en la línea de comandos. • http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128190.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128229.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00043.html http://osvdb.org/102612 http://seclists.org/oss-sec/2014/q1/159 http://www.dest-unreach.org/socat http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt http://www.mandriva.com/security/advisories?name=MDVSA-2014:033 http://www.securityfocus.com/bid • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.6EPSS: 0%CPEs: 31EXPL: 0

socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions. socat 1.2.0.0 anterior a 1.7.2.2 y 2.0.0-b1 anterior a 2.0.0-b6, cuando se utiliza para una dirección tipo escucha y la opción de bifurcación está habilitada, permite a atacantes remotos causar una denegación de servicio (consumo de descriptor de archivos) a través de solicitudes múltiples que están denegadas basándose en las restricciones (1) sourceport, (2) lowport, (3) range o (4) tcpwrap. • http://www.dest-unreach.org/socat/contrib/socat-secadv4.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:169 http://www.openwall.com/lists/oss-security/2013/05/26/1 •

CVSS: 5.0EPSS: 2%CPEs: 16EXPL: 3

Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message. • https://www.exploit-db.com/exploits/591 http://secunia.com/advisories/12936 http://www.dest-unreach.org/socat/advisory/socat-adv-1.html http://www.gentoo.org/security/en/glsa/glsa-200410-26.xml http://www.nosystem.com.ar/advisories/advisory-07.txt http://www.securityfocus.com/bid/11505 https://exchange.xforce.ibmcloud.com/vulnerabilities/17822 •