{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-25T00:00:00", "descriptions": [{"lang": "en", "value": "The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-08T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.dest-unreach.org/socat/"}, {"name": "[oss-security] 20150406 Socat security advisory 6 - Possible DoS with fork (update: CVE-Id: CVE-2015-1379; fix for version 2)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/04/06/4"}, {"name": "72321", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72321"}, {"name": "[oss-security] 20150127 Re: Socat security advisory 6 - Possible DoS with fork", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/01/27/19"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185711"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1379", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.dest-unreach.org/socat/", "refsource": "CONFIRM", "url": "http://www.dest-unreach.org/socat/"}, {"name": "[oss-security] 20150406 Socat security advisory 6 - Possible DoS with fork (update: CVE-Id: CVE-2015-1379; fix for version 2)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/04/06/4"}, {"name": "72321", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72321"}, {"name": "[oss-security] 20150127 Re: Socat security advisory 6 - Possible DoS with fork", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/27/19"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185711", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185711"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:40:18.602Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dest-unreach.org/socat/"}, {"name": "[oss-security] 20150406 Socat security advisory 6 - Possible DoS with fork (update: CVE-Id: CVE-2015-1379; fix for version 2)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/04/06/4"}, {"name": "72321", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72321"}, {"name": "[oss-security] 20150127 Re: Socat security advisory 6 - Possible DoS with fork", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/01/27/19"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185711"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1379", "datePublished": "2017-06-08T21:00:00", "dateReserved": "2015-01-27T00:00:00", "dateUpdated": "2024-08-06T04:40:18.602Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dest-unreach:socat:*:*:*:*:*:*:*:*", "matchCriteriaId": "88B415A1-B1B3-4845-A2ED-B0735AC4A5C2", "versionEndIncluding": "1.7.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:2.0.0-b8:*:*:*:*:*:*:*", "matchCriteriaId": "F2861C5A-DC2B-4A26-B691-9EA78218C503", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash)."}, {"lang": "es", "value": "Las implementaciones del manejador de se\u00f1al en socat, versiones anteriores a la 1.7.3.0 y a la 2.0.0-b8 permiten a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo o ca\u00edda de proceso)."}], "id": "CVE-2015-1379", "lastModified": "2017-06-15T19:36:37.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-08T21:29:00.190", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.dest-unreach.org/socat/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/01/27/19"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/04/06/4"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/72321"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185711"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "socat: possible DoS with fork", "id": "1185711", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185711"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "cwe": "CWE-364", "details": ["The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash)."], "name": "CVE-2015-1379", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "socat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "socat", "product_name": "Red Hat OpenShift Enterprise 2"}], "public_date": "2015-01-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1379\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1379"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "socat 1.7.3.0"}