CVE-2014-0019

Description

Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.

How to fix CVE-2014-0019

To remediate CVE-2014-0019, upgrade the affected package to a fixed version below.

• Debian/socat—upgrade to 1.7.2.3-1 or later

Is CVE-2014-0019 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.7.2.3-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-0019