FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 06:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6601127c-9e09-11e1-b5e0-000c299b62e1	socat -- Heap-based buffer overflow The socat development team reports: This vulnerability can be exploited when socat is invoked with the READLINE address (this is usually only used interactively) without option "prompt" and without option "noprompt" and an attacker succeeds to provide malicious data to the other (arbitrary) address that is then transferred by socat to the READLINE address for output. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process. Discovery 2012-05-14 Entry 2012-05-14 socat < 1.7.2.1 CVE-2012-0219 www.dest-unreach.org/socat/contrib/socat-secadv3.html
a4c9e12d-88b7-11e3-8ada-10bf48e1088e	socat -- buffer overflow with data from command line Florian Weimer of the Red Hat Product Security Team reports: Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen for example in scripts that receive data from untrusted sources. Discovery 2014-01-24 Entry 2014-01-29 socat < 1.7.2.3 CVE-2014-0019 http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt
6d87c2e9-c64d-11e2-9c22-50465d9ff992	socat -- FD leak Gerhard Rieger reports: Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. Discovery 2013-05-26 Entry 2013-05-26 socat < 1.7.2.2 CVE-2013-3571 http://seclists.org/oss-sec/2013/q2/411

VuXML ID

Description

6601127c-9e09-11e1-b5e0-000c299b62e1

socat -- Heap-based buffer overflow

The socat development team reports:

This vulnerability can be exploited when socat is invoked with the READLINE address (this is usually only used interactively) without option "prompt" and without option "noprompt" and an attacker succeeds to provide malicious data to the other (arbitrary) address that is then transferred by socat to the READLINE address for output.

Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process.

Discovery 2012-05-14
Entry 2012-05-14
socat

< 1.7.2.1

CVE-2012-0219
www.dest-unreach.org/socat/contrib/socat-secadv3.html

a4c9e12d-88b7-11e3-8ada-10bf48e1088e

socat -- buffer overflow with data from command line

Florian Weimer of the Red Hat Product Security Team reports:

Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen for example in scripts that receive data from untrusted sources.

Discovery 2014-01-24
Entry 2014-01-29
socat

< 1.7.2.3

CVE-2014-0019
http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt

6d87c2e9-c64d-11e2-9c22-50465d9ff992

socat -- FD leak

Gerhard Rieger reports:

Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode.

Discovery 2013-05-26
Entry 2013-05-26
socat

< 1.7.2.2

CVE-2013-3571
http://seclists.org/oss-sec/2013/q2/411