Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2010-2799

Published: 14/09/2010 Updated: 15/09/2010
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 up to and including 1.7.1.2 and 2.0.0-b1 up to and including 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent malicious users to execute arbitrary code via long command-line arguments.

Vulnerable Product Search on Vulmon Subscribe to Product

dest-unreach socat 1.5.0.0

dest-unreach socat 1.6.0.0

dest-unreach socat 1.6.0.1

dest-unreach socat 1.7.0.0

dest-unreach socat 1.7.1.0

dest-unreach socat 2.0.0

dest-unreach socat 1.7.0.1

dest-unreach socat 1.7.1.1

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2010-2799: Stack overflow by lexical scanning of nested character patterns
Debian Bug report logs - #591443 CVE-2010-2799: Stack overflow by lexical scanning of nested character patterns Package: socat; Maintainer for socat is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for socat is src:socat (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Tue, 3 Aug 2010 ...
Debian Security Advisories: DSA-2090-1 socat -- incorrect user-input validation
A stack overflow vulnerability was found in socat that allows an attacker to execute arbitrary code with the privileges of the socat process This vulnerability can only be exploited when an attacker is able to inject more than 512 bytes of data into socat's argument A vulnerable scenario would be a CGI script that reads data from clients and uses ...

References

CWE-119https://bugzilla.redhat.com/show_bug.cgi?id=620426http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443http://bugs.gentoo.org/show_bug.cgi?id=330785http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patchhttp://www.dest-unreach.org/socat/contrib/socat-secadv2.htmlhttp://www.debian.org/security/2010/dsa-2090https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443https://nvd.nist.govhttps://www.debian.org/security/./dsa-2090
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30043cameraCVE-2023-40404CVE-2024-2793client sideCVE-2024-4469CVE-2024-3565CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook