SB2013052701 - Input validation error in socat (Alpine package)
Published: May 27, 2013
Security Bulletin ID
SB2013052701
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2013-3571)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=2f6ffebd78b5da72015538bc9f5d4ec63f852595
- https://git.alpinelinux.org/aports/commit/?id=337ebba8c6452ad7ea9a7d0674580477c50ff0b4
- https://git.alpinelinux.org/aports/commit/?id=e283a36b4a0d81edf15e19c085666f446af7da59
- https://git.alpinelinux.org/aports/commit/?id=b9d344ff691b31bdf9a9e33d1937d0959bbbd72a