cbcvebase.

Dest-Unreach Socat vulnerabilities

9 known vulnerabilities affecting dest-unreach/socat.

Total CVEs
9
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM4LOW2

Vulnerabilities

Page 1 of 1
CVE-2026-56123P3CRITICALCVSS 9.8≥ 1.8.0.0, < 1.8.1.22026-06-25
CVE-2026-56123 [CRITICAL] CWE-122 CVE-2026-56123: socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allow socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read through a signed char field causing a negative bytes
nvd
CVE-2024-54661P3CRITICALCVSS 9.8≥ 1.6.0.0, < 1.8.0.2≥ 2.0.0-b1, ≤ 2.0.0-b92024-12-04
CVE-2024-54661 [CRITICAL] CWE-61 CVE-2024-54661: readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file. readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.
nvdosv
CVE-2004-1484P4MEDIUMCVSS 5.0PoC≥ 0, < 1.4.0.3-12004-12-31
CVE-2004-1484 [MEDIUM] CVE-2004-1484: Format string vulnerability in the _msg function in error Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message.
osv
CVE-2015-1379P3HIGHCVSS 7.5≤ 1.7.2.4v2.0.0-b82017-06-08
CVE-2015-1379 [HIGH] CWE-20 CVE-2015-1379: The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to ca The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).
nvdosv
CVE-2010-2799P4MEDIUMCVSS 6.8v1.5.0.0v1.6.0.0+6 more2010-09-14
CVE-2010-2799 [MEDIUM] CWE-119 CVE-2010-2799: Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 an Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.
nvdosv
CVE-2012-0219P4MEDIUMCVSS 6.2v1.4.0.0v1.4.0.1+16 more2012-06-21
CVE-2012-0219 [MEDIUM] CWE-119 CVE-2012-0219: Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 throu Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address.
nvdosv
CVE-2016-2217P4MEDIUMCVSS 5.3v1.7.3.0v2.0.02017-01-30
CVE-2016-2217 [MEDIUM] CWE-320 CVE-2016-2217: The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.
nvdosv
CVE-2013-3571P4LOWCVSS 2.6v1.2.0.0v1.3.0.0+25 more2014-05-08
CVE-2013-3571 [LOW] CVE-2013-3571: socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and t socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.
nvdosv
CVE-2014-0019P4LOWCVSS 1.9v2.0.0v1.3.0.0+25 more2014-02-04
CVE-2014-0019 [LOW] CWE-119 CVE-2014-0019: Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows lo Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.
nvdosv
Dest-Unreach Socat vulnerabilities | cvebase