CVE Vulnerabilities

CVE-2004-1484

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message.

Affected Software

Name Vendor Start Version End Version
Socat Socat 1.0.3.0 (including) 1.0.3.0 (including)
Socat Socat 1.0.4.0 (including) 1.0.4.0 (including)
Socat Socat 1.0.4.1 (including) 1.0.4.1 (including)
Socat Socat 1.0.4.2 (including) 1.0.4.2 (including)
Socat Socat 1.1.0.0 (including) 1.1.0.0 (including)
Socat Socat 1.1.0.1 (including) 1.1.0.1 (including)
Socat Socat 1.2.0.0 (including) 1.2.0.0 (including)
Socat Socat 1.3.0.0 (including) 1.3.0.0 (including)
Socat Socat 1.3.0.1 (including) 1.3.0.1 (including)
Socat Socat 1.3.1.0 (including) 1.3.1.0 (including)
Socat Socat 1.3.2.0 (including) 1.3.2.0 (including)
Socat Socat 1.3.2.1 (including) 1.3.2.1 (including)
Socat Socat 1.3.2.2 (including) 1.3.2.2 (including)
Socat Socat 1.4.0.0 (including) 1.4.0.0 (including)
Socat Socat 1.4.0.1 (including) 1.4.0.1 (including)
Socat Socat 1.4.0.2 (including) 1.4.0.2 (including)

References