Vulnerability Details : CVE-2014-0019
Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Products affected by CVE-2014-0019
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:2.0.0:b1:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:2.0.0:b2:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:2.0.0:b3:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.7.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.7.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:2.0.0:b4:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:2.0.0:b5:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:2.0.0:b6:*:*:*:*:*:*
- cpe:2.3:a:dest-unreach:socat:1.7.2.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0019
- Probability of exploitation activity in the next 30 days: 0.04%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 %
CVSS scores for CVE-2014-0019
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
1.9 | LOW | AV:L/AC:M/Au:N/C:N/I:N/A:P | 3.4 | 2.9 | NIST | |
CWE ids for CVE-2014-0019
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0019
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128229.html
  [SECURITY] Fedora 19 Update: socat-1.7.2.3-1.fc19 (Third Party Advisory)
- http://seclists.org/oss-sec/2014/q1/159
  oss-sec: Socat security advisory 5 - PROXY-CONNECT address overflow (Patch; Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00043.html
  openSUSE-SU-2015:0760-1: moderate: Security update for socat (Third Party Advisory)
- http://www.securityfocus.com/bid/65201
  socat PROXY-CONNECT Address Stack Buffer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- http://www.dest-unreach.org/socat
  socat (Patch)
- http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128190.html
  [SECURITY] Fedora 20 Update: socat-1.7.2.3-1.fc20 (Third Party Advisory)
- http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt
  (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:033
  mandriva.com (Broken Link)