CVE-2010-2799
socat - arbitrary code execution
EPSS 1.4%
Description
Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.
How to fix CVE-2010-2799
To remediate CVE-2010-2799, upgrade the affected package to one of the fixed versions listed below.
- Debian/socat—upgrade to 1.7.1.3-1 or later
- Debian/socat—upgrade to 1.6.0.1-1+lenny1 or later
Is CVE-2010-2799 being exploited?
Low: the EPSS score is 1.4%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/socat: from 0, < 1.7.1.3-1
- Debian/socat: from 0, < 1.6.0.1-1+lenny1