CVE-2015-1379

Published: Jun 8, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).

Affected (2)

Products: Dest Unreach: Socat

Dest Unreach

1 product

Socat

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dest Unreach Socat	Up to 1.7.2.4
Dest Unreach Socat	Version 2.0.0-b8

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://www.dest-unreach.org/socat/

Source: cve@mitre.org

PatchVendor Advisory

http://www.openwall.com/lists/oss-security/2015/01/27/19

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2015/04/06/4

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.securityfocus.com/bid/72321

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1185711

Source: cve@mitre.org

Issue TrackingPatchThird Party AdvisoryVDB Entry

http://www.dest-unreach.org/socat/