OpenCVE

Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dest-unreach	Socat

Configuration 1 [-]

OR	cpe:2.3:a:dest-unreach:socat:1.5.0.0:::::::*
	cpe:2.3:a:dest-unreach:socat:1.6.0.0:::::::*
	cpe:2.3:a:dest-unreach:socat:1.6.0.1:::::::*
	cpe:2.3:a:dest-unreach:socat:1.7.0.0:::::::*
	cpe:2.3:a:dest-unreach:socat:1.7.0.1:::::::*
	cpe:2.3:a:dest-unreach:socat:1.7.1.0:::::::*
	cpe:2.3:a:dest-unreach:socat:1.7.1.1:::::::*
	cpe:2.3:a:dest-unreach:socat:2.0.0:b1::::::
	cpe:2.3:a:dest-unreach:socat:2.0.0:b2::::::
	cpe:2.3:a:dest-unreach:socat:2.0.0:b3::::::

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443
http://bugs.gentoo.org/show_bug.cgi?id=330785
http://www.debian.org/security/2010/dsa-2090
http://www.dest-unreach.org/socat/contrib/socat-secadv2.html
http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch
https://bugzilla.redhat.com/show_bug.cgi?id=620426
https://github.com/msmania/poodim/commit/6340d5d2c81e55e61522c4b40a6cdd5c39738cc6

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://github.com/msmania/poodim/commit/6340d5d2c81e55e61522c4b40a6cdd5c39738cc6

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-09-14T20:03:00Z

Updated: 2024-09-25T22:46:51.804Z

Reserved: 2010-07-22T00:00:00Z

Link: CVE-2010-2799

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-09-14T21:00:01.703

Modified: 2024-11-21T01:17:23.980

Link: CVE-2010-2799

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2010-09-14T20:03:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620426"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.dest-unreach.org/socat/contrib/socat-secadv2.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=330785"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443"}, {"name": "DSA-2090", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2090"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-25T22:46:51.804Z"}, "references": [{"url": "https://github.com/msmania/poodim/commit/6340d5d2c81e55e61522c4b40a6cdd5c39738cc6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620426"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dest-unreach.org/socat/contrib/socat-secadv2.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=330785"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443"}, {"name": "DSA-2090", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2090"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2799", "state": "PUBLISHED", "dateReserved": "2010-07-22T00:00:00Z", "datePublished": "2010-09-14T20:03:00Z", "dateUpdated": "2024-09-25T22:46:51.804Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dest-unreach:socat:1.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "43189B21-C2E3-4066-82A1-456344B10131", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "15DA6703-CECF-4456-B8F6-18888629C122", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6320B213-6E09-4A64-9C44-3565A6006C74", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C577A55-72B0-4F75-B7A3-558DBF2B7BFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "34FFD979-165A-4465-8CCD-BA6CCEDC0016", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7B050A1-ECDE-47E8-8B7D-6AFD3923BA49", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D82983A5-0BBF-4131-AF82-1036FAFC0ABF", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:2.0.0:b1:*:*:*:*:*:*", "matchCriteriaId": "7BE19927-5110-4C8D-8E3E-C075CA61023B", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:2.0.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9F7C7910-5259-40D9-848D-402017952540", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:2.0.0:b3:*:*:*:*:*:*", "matchCriteriaId": "3E50A8D8-00A8-4578-85ED-C3A11A9CA955", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n nestlex en nestlex.c en Socat 1.5.0.0 a 1.7.1.2 y 2.0.0-b1 a 2.0.0-b3, cuando el reenv\u00edo bidireccional de datos est\u00e1 habilitado, permite a atacantes dependientes del contexto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de argumentos de l\u00ednea de comandos largos."}], "id": "CVE-2010-2799", "lastModified": "2024-11-21T01:17:23.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-14T21:00:01.703", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443"}, {"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=330785"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2090"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.dest-unreach.org/socat/contrib/socat-secadv2.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620426"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=330785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.dest-unreach.org/socat/contrib/socat-secadv2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620426"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/msmania/poodim/commit/6340d5d2c81e55e61522c4b40a6cdd5c39738cc6"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}