Format String Vulnerability in socat HTTP Proxy Client by Nophead
CVE-2004-1484
Currently unrated
What is CVE-2004-1484?
The socat utility contains a format string vulnerability in the _msg function in error.c. When socat is used as an HTTP proxy client with the -ly option enabled, crafted input containing format string specifiers is included in a syslog message and can lead to arbitrary code execution. Both remote attackers and local users can exploit the flaw, which puts system integrity at significant risk. Users of affected versions should put mitigations in place.
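The bug class described above, shown as an added C illustration that is not socat's error.c: text that already contains untrusted input must reach syslog as an argument, never as the format. The names render_msg, emit_msg and log_proxy_reply and the sample reply are hypothetical and constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define MSG_MAX 512

/* Step 1: expand the caller's trusted, literal format into a plain string.
   The format attribute lets gcc/clang check every call site's arguments. */
__attribute__((format(printf, 3, 4)))
static int render_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap); /* always NUL-terminates when n > 0 */
    va_end(ap);
    return len;
}

/* Step 2: hand the finished string to syslog as data. */
static void emit_msg(int prio, const char *line)
{
    /* Vulnerable form: syslog(prio, line);
       any '%' sequence still present in `line` is parsed a second time. */
    syslog(prio, "%s", line);
}

/* Constructed sample: a status line as an untrusted proxy might send it. */
static const char SAMPLE_REPLY[] = "HTTP/1.0 403 %x%x%s";

/* Logs an untrusted proxy reply; returns the exact text passed to syslog. */
static const char *log_proxy_reply(const char *reply)
{
    static char line[MSG_MAX];
    render_msg(line, sizeof line, "proxy: %s", reply);
    emit_msg(LOG_ERR, line);
    return line;
}

int main(void)
{
    openlog("fmt-demo", LOG_PID, LOG_DAEMON);
    puts(log_proxy_reply(SAMPLE_REPLY)); /* specifiers appear verbatim */
    closelog();
    return 0;
}
```

Building with -Wformat -Wformat-security flags the vulnerable form at compile time, which makes the check easy to enforce in CI.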
