6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
The socat development team reports:
This vulnerability can be exploited when socat is invoked with the
READLINE address (this is usually only used interactively) without
option “prompt” and without option “noprompt” and an attacker succeeds
to provide malicious data to the other (arbitrary) address that is then
transferred by socat to the READLINE address for output.
Successful exploitation may allow an attacker to execute arbitrary
code with the privileges of the socat process.