Gentoo FoundationMGASA-2014-0070Updated socat package fixes security vulnerability
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.1%
Due to a missing check in socat before 2.0.0-b7 during assembly of the HTTP request line, a long target server name ( in the documentation) in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen, for example, in scripts that receive data from untrusted sources (CVE-2014-0019).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 3 | noarch | socat | <Β 2.0.0-0.b7.1 | socat-2.0.0-0.b7.1.mga3 |
| Mageia | 4 | noarch | socat | <Β 2.0.0-0.b7.1 | socat-2.0.0-0.b7.1.mga4 |
Related
1.9 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
5.1%