Florian Weimer of the Red Hat Product Security Team discovered a denial of service flaw in socat. Due to a missing check during assembly of the HTTP request line, a long target server name (<hostname> in the documentation) of the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address on the command line. This can happen, for example, in scripts that receive data from untrusted sources.
This flaw affects socat versions 1.3.0.0 through to 1.7.2.2; it is corrected in 1.7.2.3.
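The kind of length check the description says was missing, as an added example in C (not socat's code or its actual fix): the request line is assembled into a fixed-size buffer and a server name that does not fit is rejected rather than written. The names `build_connect_request` and `REQ_BUF_SIZE` and the buffer size are hypothetical, and the rejection of control characters goes beyond what the advisory describes.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size for this example; not socat's actual value. */
#define REQ_BUF_SIZE 512

/* Assemble "CONNECT host:port HTTP/1.0\r\n" into buf.
 * Returns the number of bytes written (excluding the NUL terminator),
 * or -1 if the input is rejected or would not fit in buflen bytes. */
int build_connect_request(char *buf, size_t buflen,
                          const char *host, unsigned port)
{
    if (buf == NULL || buflen == 0 || host == NULL || host[0] == '\0')
        return -1;
    if (port == 0 || port > 65535)
        return -1;

    /* Reject bytes that could split the request line: controls, space, DEL. */
    for (const unsigned char *p = (const unsigned char *)host; *p; p++) {
        if (*p <= 0x20 || *p == 0x7f)
            return -1;
    }

    /* snprintf never writes past buflen and reports the length it needed,
     * so truncation is detectable; an unchecked sprintf would overrun. */
    int n = snprintf(buf, buflen, "CONNECT %s:%u HTTP/1.0\r\n", host, port);
    if (n < 0 || (size_t)n >= buflen) {
        buf[0] = '\0';          /* leave no partial request behind */
        return -1;
    }
    return n;
}

int main(void)
{
    char req[REQ_BUF_SIZE];
    char longhost[600];         /* constructed oversized server name */

    memset(longhost, 'A', sizeof longhost - 1);
    longhost[sizeof longhost - 1] = '\0';

    printf("short name: %d\n",
           build_connect_request(req, sizeof req, "example.com", 80));
    printf("long name:  %d\n",
           build_connect_request(req, sizeof req, longhost, 80));
    return 0;
}
```

A script that passes untrusted input to the PROXY-CONNECT address can apply the same length limit before invoking socat on an affected version.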
Acknowledgements:
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Statement:
The Red Hat Security Response Team has rated this issue as having Low security impact on OpenShift Enterprise. A future update may address this flaw.