CVE-2013-3571
published 2014-05-08CVE-2013-3571: socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause…
PriorityP412low2.6CVSS 2.0
AVNACHAuNCNINAP
EPSS
2.06%
79.0th percentile
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.
Affected
32 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | socat | < socat 1.7.1.3-1.5 (bookworm) | socat 1.7.1.3-1.5 (bookworm) |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | — | — |
CVSS provenance
nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:N/A:P
osv2.6LOW
vendor_debian2.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2qp2-pf59-94fr: socat 1
ghsa_unreviewed·2022-05-17
CVE-2013-3571 [LOW] GHSA-2qp2-pf59-94fr: socat 1
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.
OSV
CVE-2013-3571: socat 1
osv·2014-05-08·CVSS 2.6
CVE-2013-3571 [LOW] CVE-2013-3571: socat 1
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.
Debian
CVE-2013-3571: socat - socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a liste...
vendor_debian·2013·CVSS 2.6
CVE-2013-3571 [LOW] CVE-2013-3571: socat - socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a liste...
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.
Scope: local
bookworm: resolved (fixed in 1.7.1.3-1.5)
bullseye: resolved (fixed in 1.7.1.3-1.5)
forky: resolved (fixed in 1.7.1.3-1.5)
sid: resolved (fixed in 1.7.1.3-1.5)
trixie: resolved (fixed in 1.7.1.3-1.5)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-3571 socat: Denial of service due to file descriptor leak [fedora-all]
bugzilla·2013-05-27·CVSS 2.6
CVE-2013-3571 [LOW] CVE-2013-3571 socat: Denial of service due to file descriptor leak [fedora-all]
CVE-2013-3571 socat: Denial of service due to file descriptor leak [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue a
Bugzilla
CVE-2013-3571 socat: Denial of service due to file descriptor leak [epel-all]
bugzilla·2013-05-27·CVSS 2.6
CVE-2013-3571 [LOW] CVE-2013-3571 socat: Denial of service due to file descriptor leak [epel-all]
CVE-2013-3571 socat: Denial of service due to file descriptor leak [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issu
Bugzilla
CVE-2013-3571 socat: Denial of service due to file descriptor leak
bugzilla·2013-05-26·CVSS 2.6
CVE-2013-3571 [LOW] CVE-2013-3571 socat: Denial of service due to file descriptor leak
CVE-2013-3571 socat: Denial of service due to file descriptor leak
From oss-security mailing list:
Socat security advisory - FD leak
Overview
Under certain circumstances an FD leak occurs and can be misused for
denial of service attacks against socat running in server mode.
Vulnerability Id: CVE-2013-3571
Details
The issue occurs when a vulnerable version of socat is invoked with a
listen type address with option fork and one or more of the options
sourceport, lowport, range, or tcpwrap. When socat refuses a client
connection due to one of these address or port restrictions it does
shutdown() the socket but does not close() it, resulting in a file
descriptor leak in the listening process, visible with command lsof
and possibly resulting in error EMFILE "Too many open files".
Testcase
http://www.dest-unreach.org/socat/contrib/socat-secadv4.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:169http://www.openwall.com/lists/oss-security/2013/05/26/1http://www.dest-unreach.org/socat/contrib/socat-secadv4.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2013:169http://www.openwall.com/lists/oss-security/2013/05/26/1
2014-05-08
Published