Red Hat Bugzilla – Bug 1303887
socat: Stack overflow vulnerability in parser
Last modified: 2016-12-01 13:08:48 EST
A stack overflow vulnerability was found that can be triggered when command line arguments (complete address specifications, host names, file names) are longer than 512 bytes. Successful exploitation might allow an attacker to execute arbitrary code with the privileges of the socat process. This vulnerability can only be exploited when an attacker is able to inject data into socat's command line. A vulnerable scenario would be a CGI script that reads data from clients and uses (parts of) this data as the hostname for a socat invocation.
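A defensive wrapper for the CGI scenario described above, added here as an example and not part of the bug report or of socat itself: it bounds and validates a client-supplied hostname before it becomes a socat command line argument. The 512-byte limit is the one quoted in the report; the function names and the TCP:host:port address form are assumptions.

```python
import re
import subprocess

# Upper bound taken from the bug report: socat's parser overflows on
# address specifications, host names and file names longer than 512 bytes.
SOCAT_ARG_LIMIT = 512

# One DNS label per RFC 1123: letters, digits, hyphens; 1-63 characters.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


class UnsafeHostname(ValueError):
    """Raised when client-supplied data must not reach socat's command line."""


def validate_hostname(host: str) -> str:
    """Return host if it is a well-formed DNS name short enough for socat.

    Rejects characters socat's address parser treats specially (':' and ','
    separate address components and options) and anything long enough to
    reach the 512-byte parser buffer described in the bug.
    """
    if not host or len(host.encode("utf-8")) >= SOCAT_ARG_LIMIT:
        raise UnsafeHostname("hostname empty or too long for socat's parser")
    if len(host) > 253:
        raise UnsafeHostname("hostname exceeds the DNS maximum length")
    for label in host.rstrip(".").split("."):
        if not _LABEL.match(label):
            raise UnsafeHostname(f"invalid hostname label: {label!r}")
    return host


def is_safe_hostname(host: str) -> bool:
    """Boolean form of validate_hostname, convenient for request filters."""
    try:
        validate_hostname(host)
        return True
    except UnsafeHostname:
        return False


def build_socat_argv(host: str, port: int) -> list:
    """Build an argv list for a TCP client connection; no shell is involved."""
    validate_hostname(host)
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    # The whole address specification is one argument, so bound it as well.
    address = f"TCP:{host}:{port}"
    if len(address) >= SOCAT_ARG_LIMIT:
        raise UnsafeHostname("address specification too long")
    return ["socat", "-", address]


def run_socat(host: str, port: int, payload: bytes) -> bytes:
    """Invoke socat with a validated argv (argument list, never shell=True)."""
    result = subprocess.run(build_socat_argv(host, port), input=payload,
                            capture_output=True, timeout=10)
    return result.stdout
```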
126.96.36.199 - 188.8.131.52
2.0.0-b1 - 2.0.0-b8
Created socat tracking bugs for this issue:
Affects: fedora-all [bug 1303888]
Affects: epel-all [bug 1303889]
The overflow is triggered by long command line arguments. While these may be based on untrusted input, they typically are not. There's currently no plan to correct this in Red Hat Enterprise Linux. The fix may be added if the component is updated to a fixed upstream version in future updates.