6.2 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:H/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
socat is a multipurpose bidirectional relay, similar to netcat.
A vulnerability in the “xioscan_readline()” function in xio-readline.c could cause a heap-based buffer overflow.
A remote attacker could possibly execute arbitrary code with the privileges of the socat process.
There is no known workaround at this time.
All socat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/socat-1.7.2.1"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-misc/socat | < 1.7.2.1 | UNKNOWN |