FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

socat -- buffer overflow with data from command line

Affected packages
socat < 1.7.2.3

Details

VuXML ID a4c9e12d-88b7-11e3-8ada-10bf48e1088e
Discovery 2014-01-24
Entry 2014-01-29

Florian Weimer of the Red Hat Product Security Team reports:

Due to a missing check during assembly of the HTTP request line a long target server name in the PROXY-CONNECT address can cause a stack buffer overrun. Exploitation requires that the attacker is able to provide the target server name to the PROXY-CONNECT address in the command line. This can happen for example in scripts that receive data from untrusted sources.

References

CVE Name CVE-2014-0019
URL http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt