FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  484934
Date:      2018-11-14
Time:      17:54:24Z
Committer: madpilot

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6601127c-9e09-11e1-b5e0-000c299b62e1socat -- Heap-based buffer overflow

The socat development team reports:

This vulnerability can be exploited when socat is invoked with the READLINE address (this is usually only used interactively) without option "prompt" and without option "noprompt" and an attacker succeeds to provide malicious data to the other (arbitrary) address that is then transferred by socat to the READLINE address for output.

Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process.


Discovery 2012-05-14
Entry 2012-05-14
socat
lt 1.7.2.1

CVE-2012-0219
www.dest-unreach.org/socat/contrib/socat-secadv3.html
f3017ce1-32a4-11d9-a9e7-0001020eed82socat -- format string vulnerability

Socat Security Advisory 1 states:

socat up to version 1.4.0.2 contains a syslog() based format string vulnerability. This issue was originally reported by CoKi on 19 Oct.2004 http://www.nosystem.com.ar/advisories/advisory-07.txt. Further investigation showed that this vulnerability could under some circumstances lead to local or remote execution of arbitrary code with the privileges of the socat process.


Discovery 2004-10-18
Entry 2004-11-10
socat
lt 1.4.0.3

http://www.dest-unreach.org/socat/advisory/socat-adv-1.html
http://www.nosystem.com.ar/advisories/advisory-07.txt
6601127c-9e09-11e1-b5e0-000c299b62e1socat -- Heap-based buffer overflow

The socat development team reports:

This vulnerability can be exploited when socat is invoked with the READLINE address (this is usually only used interactively) without option "prompt" and without option "noprompt" and an attacker succeeds to provide malicious data to the other (arbitrary) address that is then transferred by socat to the READLINE address for output.

Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process.


Discovery 2012-05-14
Entry 2012-05-14
socat
lt 1.7.2.1

CVE-2012-0219
www.dest-unreach.org/socat/contrib/socat-secadv3.html
f3017ce1-32a4-11d9-a9e7-0001020eed82socat -- format string vulnerability

Socat Security Advisory 1 states:

socat up to version 1.4.0.2 contains a syslog() based format string vulnerability. This issue was originally reported by CoKi on 19 Oct.2004 http://www.nosystem.com.ar/advisories/advisory-07.txt. Further investigation showed that this vulnerability could under some circumstances lead to local or remote execution of arbitrary code with the privileges of the socat process.


Discovery 2004-10-18
Entry 2004-11-10
socat
lt 1.4.0.3

http://www.dest-unreach.org/socat/advisory/socat-adv-1.html
http://www.nosystem.com.ar/advisories/advisory-07.txt
6d87c2e9-c64d-11e2-9c22-50465d9ff992socat -- FD leak

Gerhard Rieger reports:

Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode.


Discovery 2013-05-26
Entry 2013-05-26
socat
lt 1.7.2.2

CVE-2013-3571
http://seclists.org/oss-sec/2013/q2/411
a4c9e12d-88b7-11e3-8ada-10bf48e1088esocat -- buffer overflow with data from command line

Florian Weimer of the Red Hat Product Security Team reports:

Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen for example in scripts that receive data from untrusted sources.


Discovery 2014-01-24
Entry 2014-01-29
socat
lt 1.7.2.3

CVE-2014-0019
http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt