FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a4c9e12d-88b7-11e3-8ada-10bf48e1088e	socat -- buffer overflow with data from command line Florian Weimer of the Red Hat Product Security Team reports: Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen for example in scripts that receive data from untrusted sources. Discovery 2014-01-24 Entry 2014-01-29 socat < 1.7.2.3 CVE-2014-0019 http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt

VuXML ID

Description

a4c9e12d-88b7-11e3-8ada-10bf48e1088e

socat -- buffer overflow with data from command line

Florian Weimer of the Red Hat Product Security Team reports:

Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen for example in scripts that receive data from untrusted sources.

Discovery 2014-01-24
Entry 2014-01-29
socat

< 1.7.2.3

CVE-2014-0019
http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt