A buffer overflow in socat might allow remote attackers to execute arbitrary code.
Package | net-misc/socat on all architectures |
---|---|
Affected versions | < 1.7.2.1 |
Unaffected versions | >= 1.7.2.1 |
socat is a multipurpose bidirectional relay, similar to netcat.
A vulnerability in the "xioscan_readline()" function in xio-readline.c could cause a heap-based buffer overflow.
A remote attacker could possibly execute arbitrary code with the privileges of the socat process.
There is no known workaround at this time.
All socat users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/socat-1.7.2.1"
Release date
August 14, 2012
Latest revision
August 14, 2012: 1
Severity
high
Exploitable
local, remote
Bugzilla entries