FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  485425
Date:      2018-11-20
Time:      10:23:04Z
Committer: krion

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a4c9e12d-88b7-11e3-8ada-10bf48e1088esocat -- buffer overflow with data from command line

Florian Weimer of the Red Hat Product Security Team reports:

Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen for example in scripts that receive data from untrusted sources.


Discovery 2014-01-24
Entry 2014-01-29
socat
lt 1.7.2.3

CVE-2014-0019
http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt
6d87c2e9-c64d-11e2-9c22-50465d9ff992socat -- FD leak

Gerhard Rieger reports:

Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode.


Discovery 2013-05-26
Entry 2013-05-26
socat
lt 1.7.2.2

CVE-2013-3571
http://seclists.org/oss-sec/2013/q2/411
6601127c-9e09-11e1-b5e0-000c299b62e1socat -- Heap-based buffer overflow

The socat development team reports:

This vulnerability can be exploited when socat is invoked with the READLINE address (this is usually only used interactively) without option "prompt" and without option "noprompt" and an attacker succeeds to provide malicious data to the other (arbitrary) address that is then transferred by socat to the READLINE address for output.

Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process.


Discovery 2012-05-14
Entry 2012-05-14
socat
lt 1.7.2.1

CVE-2012-0219
www.dest-unreach.org/socat/contrib/socat-secadv3.html
6601127c-9e09-11e1-b5e0-000c299b62e1socat -- Heap-based buffer overflow

The socat development team reports:

This vulnerability can be exploited when socat is invoked with the READLINE address (this is usually only used interactively) without option "prompt" and without option "noprompt" and an attacker succeeds to provide malicious data to the other (arbitrary) address that is then transferred by socat to the READLINE address for output.

Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process.


Discovery 2012-05-14
Entry 2012-05-14
socat
lt 1.7.2.1

CVE-2012-0219
www.dest-unreach.org/socat/contrib/socat-secadv3.html