PT-2014-3435 · Socat+2 · Socat+2

Published

2014-02-04

·

Updated

2024-06-15

·

CVE-2014-0019

CVSS v2.0

1.9

Low

VectorAV:L/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions socat versions 1.3.0.0 through 1.7.2.2 socat versions 2.0.0-b1 through 2.0.0-b6
Description The issue allows local users to cause a denial of service, resulting in a segmentation fault, by providing a long server name in the PROXY-CONNECT address via the command line.
Recommendations For socat versions 1.3.0.0 through 1.7.2.2, update to a version outside of this range to resolve the issue. For socat versions 2.0.0-b1 through 2.0.0-b6, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the length of server names in the PROXY-CONNECT address to prevent exploitation.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2014-1552
CVE-2014-0019
MGASA-2014-0070
OPENSUSE-SU-2024:10371-1
SUSE-SU-2016:0343-1

Affected Products

Alt Linux
Suse
Socat