CVE-2010-2799
published 2010-09-14
CVE-2010-2799: Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay…
Priority: P4 · 34 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 2.75% (84.4th percentile)
Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | socat | < socat 1.7.1.3-1 (bookworm) | socat 1.7.1.3-1 (bookworm) |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | >= 0 < 1.7.1.3-1 | 1.7.1.3-1 |
| dest-unreach | socat | >= 0 < 1.7.1.3-1 | 1.7.1.3-1 |
| dest-unreach | socat | >= 0 < 1.7.1.3-1 | 1.7.1.3-1 |
| dest-unreach | socat | >= 0 < 1.7.1.3-1 | 1.7.1.3-1 |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 6.8 · MEDIUM
vendor_debian · 6.8 · MEDIUM
GHSA
GHSA-4qqf-vxv4-9698: Stack-based buffer overflow in the nestlex function in nestlex
ghsa_unreviewed·2022-05-17
CVE-2010-2799 [MEDIUM] CWE-119 GHSA-4qqf-vxv4-9698: Stack-based buffer overflow in the nestlex function in nestlex
OSV
CVE-2010-2799: Stack-based buffer overflow in the nestlex function in nestlex
osv·2010-09-14·CVSS 6.8
CVE-2010-2799 [MEDIUM] CVE-2010-2799: Stack-based buffer overflow in the nestlex function in nestlex
Debian
CVE-2010-2799: socat - Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0....
vendor_debian·2010·CVSS 6.8
CVE-2010-2799 [MEDIUM] CVE-2010-2799: socat - Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0....
Scope: local
bookworm: resolved (fixed in 1.7.1.3-1)
bullseye: resolved (fixed in 1.7.1.3-1)
forky: resolved (fixed in 1.7.1.3-1)
sid: resolved (fixed in 1.7.1.3-1)
trixie: resolved (fixed in 1.7.1.3-1)
No detection rules found.
Bugzilla
CVE-2010-2799 Socat: Stack overflow by lexical scanning of nested character patterns [fedora-all]
bugzilla·2010-08-02·CVSS 6.8
CVE-2010-2799 [MEDIUM] CVE-2010-2799 Socat: Stack overflow by lexical scanning of nested character patterns [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=620426
Please note: this
Bugzilla
CVE-2010-2799 Socat: Stack overflow by lexical scanning of nested character patterns
bugzilla·2010-08-02·CVSS 6.8
CVE-2010-2799 [MEDIUM] CVE-2010-2799 Socat: Stack overflow by lexical scanning of nested character patterns
Socat upstream released an advisory:
[1] http://www.dest-unreach.org/socat/contrib/socat-secadv2.html
describing a stack overflow flaw, present in Socat bidirectional data
relay, when processing command line arguments (address specifications,
host names, file names), longer than 512 bytes. An attacker, able to
inject data into socat's command line (potentially remotely via CGI
script invocation), could use this flaw to execute arbitrary code with
the privileges of the socat process.
References:
[2] http://bugs.gentoo.org/show_bug.cgi?id=330785
Upstream patch against v1.7.2:
[3] http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch
Credit:
Issue discovered and reported by Felix Gröbert of Go
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443
http://bugs.gentoo.org/show_bug.cgi?id=330785
http://www.debian.org/security/2010/dsa-2090
http://www.dest-unreach.org/socat/contrib/socat-secadv2.html
http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch
https://bugzilla.redhat.com/show_bug.cgi?id=620426
https://github.com/msmania/poodim/commit/6340d5d2c81e55e61522c4b40a6cdd5c39738cc6
Published: 2010-09-14