Main Vulnerability Database SB2015031301

SB2015031301 - Input validation error in socat (Alpine package)

Published: March 13, 2015

Security Bulletin ID SB2015031301

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2015-1379)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=9b6b7084a285fefd67cc8b61c202977e5664fb9c
https://git.alpinelinux.org/aports/commit/?id=bdc46f4579b06c8706d2dc0585099befe61670e7
https://git.alpinelinux.org/aports/commit/?id=555b6d32775959bf430153f78b9928c1fec0a046