CVE-2010-2799
Severity CVSS v4.0:
Pending analysis
Type:
CWE-119
Buffer Errors
Publication date:
14/09/2010
Last modified:
11/04/2025
Description
Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:dest-unreach:socat:1.5.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dest-unreach:socat:1.6.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dest-unreach:socat:1.6.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dest-unreach:socat:1.7.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dest-unreach:socat:1.7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dest-unreach:socat:1.7.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dest-unreach:socat:1.7.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:dest-unreach:socat:2.0.0:b1:*:*:*:*:*:* | ||
| cpe:2.3:a:dest-unreach:socat:2.0.0:b2:*:*:*:*:*:* | ||
| cpe:2.3:a:dest-unreach:socat:2.0.0:b3:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443
- http://bugs.gentoo.org/show_bug.cgi?id=330785
- http://www.debian.org/security/2010/dsa-2090
- http://www.dest-unreach.org/socat/contrib/socat-secadv2.html
- http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch
- https://bugzilla.redhat.com/show_bug.cgi?id=620426
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443
- http://bugs.gentoo.org/show_bug.cgi?id=330785
- http://www.debian.org/security/2010/dsa-2090
- http://www.dest-unreach.org/socat/contrib/socat-secadv2.html
- http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch
- https://bugzilla.redhat.com/show_bug.cgi?id=620426
- https://github.com/msmania/poodim/commit/6340d5d2c81e55e61522c4b40a6cdd5c39738cc6