CVE-2015-1379
published 2017-06-08
CVE-2015-1379: The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).
Priority P335, high, 7.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.93% (89.1th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | socat | < socat 1.7.2.4-2 (bookworm) | socat 1.7.2.4-2 (bookworm) |
| dest-unreach | socat | <= 1.7.2.4 | — |
| dest-unreach | socat | — | — |
| dest-unreach | socat | >= 0 < 1.7.2.4-2 | 1.7.2.4-2 |
| dest-unreach | socat | >= 0 < 1.7.2.4-2 | 1.7.2.4-2 |
| dest-unreach | socat | >= 0 < 1.7.2.4-2 | 1.7.2.4-2 |
| dest-unreach | socat | >= 0 < 1.7.2.4-2 | 1.7.2.4-2 |
CVSS provenance
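| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |
| vendor_redhat | | 7.5 | HIGH | |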
GHSA
GHSA-mhm8-j49g-j7wp: The signal handler implementations in socat before 1
ghsa_unreviewed·2022-05-17
CVE-2015-1379 [HIGH] CWE-20 GHSA-mhm8-j49g-j7wp: The signal handler implementations in socat before 1
The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).
OSV
CVE-2015-1379: The signal handler implementations in socat before 1
osv·2017-06-08·CVSS 7.5
CVE-2015-1379 [HIGH] CVE-2015-1379: The signal handler implementations in socat before 1
The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).
Red Hat
socat: possible DoS with fork
vendor_redhat·2015-01-24·CVSS 7.5
CVE-2015-1379 [HIGH] CWE-364 socat: possible DoS with fork
The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: socat (Red Hat Enterprise Linux 7) - Will not fix
Package: socat (Red Hat OpenShift Enterprise 2) - Will not fix
Debian
CVE-2015-1379: socat - The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow re...
vendor_debian·2015·CVSS 7.5
CVE-2015-1379 [HIGH] CVE-2015-1379: socat - The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow re...
The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).
Scope: local
bookworm: resolved (fixed in 1.7.2.4-2)
bullseye: resolved (fixed in 1.7.2.4-2)
forky: resolved (fixed in 1.7.2.4-2)
sid: resolved (fixed in 1.7.2.4-2)
trixie: resolved (fixed in 1.7.2.4-2)
No detection rules found.
No public exploits indexed.
http://www.dest-unreach.org/socat/
http://www.openwall.com/lists/oss-security/2015/01/27/19
http://www.openwall.com/lists/oss-security/2015/04/06/4
http://www.securityfocus.com/bid/72321
https://bugzilla.redhat.com/show_bug.cgi?id=1185711
Published: 2017-06-08