CVE-2014-0019

Name of the Vulnerable Software and Affected Versions socat versions 1.3.0.0 through 1.7.2.2 socat versions 2.0.0-b1 through 2.0.0-b6

Description The issue allows local users to cause a denial of service, resulting in a segmentation fault, by providing a long server name in the PROXY-CONNECT address via the command line.

Recommendations For socat versions 1.3.0.0 through 1.7.2.2, update to a version outside of this range to resolve the issue. For socat versions 2.0.0-b1 through 2.0.0-b6, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the length of server names in the PROXY-CONNECT address to prevent exploitation.