CVE-2010-2799 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dest-unreach	Socat

Configuration 1 [-]

OR	cpe:2.3:a:dest-unreach:socat:1.5.0.0:::::::*
	cpe:2.3:a:dest-unreach:socat:1.6.0.0:::::::*
	cpe:2.3:a:dest-unreach:socat:1.6.0.1:::::::*
	cpe:2.3:a:dest-unreach:socat:1.7.0.0:::::::*
	cpe:2.3:a:dest-unreach:socat:1.7.0.1:::::::*
	cpe:2.3:a:dest-unreach:socat:1.7.1.0:::::::*
	cpe:2.3:a:dest-unreach:socat:1.7.1.1:::::::*
	cpe:2.3:a:dest-unreach:socat:2.0.0:b1::::::
	cpe:2.3:a:dest-unreach:socat:2.0.0:b2::::::
	cpe:2.3:a:dest-unreach:socat:2.0.0:b3::::::

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443
http://bugs.gentoo.org/show_bug.cgi?id=330785
http://www.debian.org/security/2010/dsa-2090
http://www.dest-unreach.org/socat/contrib/socat-secadv2.html
http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch
https://bugzilla.redhat.com/show_bug.cgi?id=620426
https://github.com/msmania/poodim/commit/6340d5d2c81e55e61522c4b40a6cdd5c39738cc6

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://github.com/msmania/poodim/commit/6340d5d2c81e55e61522c4b40a6cdd5c39738cc6

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-09-14T20:03:00Z

Updated: 2024-09-25T22:46:51.804Z

Reserved: 2010-07-22T00:00:00Z

Link: CVE-2010-2799

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-09-14T21:00:01.703

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-2799

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2010-09-14T20:03:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620426"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.dest-unreach.org/socat/contrib/socat-secadv2.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=330785"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443"}, {"name": "DSA-2090", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2090"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-25T22:46:51.804Z"}, "references": [{"url": "https://github.com/msmania/poodim/commit/6340d5d2c81e55e61522c4b40a6cdd5c39738cc6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620426"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.dest-unreach.org/socat/contrib/socat-secadv2.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=330785"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443"}, {"name": "DSA-2090", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2090"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2799", "state": "PUBLISHED", "dateReserved": "2010-07-22T00:00:00Z", "datePublished": "2010-09-14T20:03:00Z", "dateUpdated": "2024-09-25T22:46:51.804Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dest-unreach:socat:1.5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "43189B21-C2E3-4066-82A1-456344B10131", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "15DA6703-CECF-4456-B8F6-18888629C122", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6320B213-6E09-4A64-9C44-3565A6006C74", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.7.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C577A55-72B0-4F75-B7A3-558DBF2B7BFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.7.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "34FFD979-165A-4465-8CCD-BA6CCEDC0016", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7B050A1-ECDE-47E8-8B7D-6AFD3923BA49", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:1.7.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D82983A5-0BBF-4131-AF82-1036FAFC0ABF", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:2.0.0:b1:*:*:*:*:*:*", "matchCriteriaId": "7BE19927-5110-4C8D-8E3E-C075CA61023B", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:2.0.0:b2:*:*:*:*:*:*", "matchCriteriaId": "9F7C7910-5259-40D9-848D-402017952540", "vulnerable": true}, {"criteria": "cpe:2.3:a:dest-unreach:socat:2.0.0:b3:*:*:*:*:*:*", "matchCriteriaId": "3E50A8D8-00A8-4578-85ED-C3A11A9CA955", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n nestlex en nestlex.c en Socat 1.5.0.0 a 1.7.1.2 y 2.0.0-b1 a 2.0.0-b3, cuando el reenv\u00edo bidireccional de datos est\u00e1 habilitado, permite a atacantes dependientes del contexto ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de argumentos de l\u00ednea de comandos largos."}], "id": "CVE-2010-2799", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-14T21:00:01.703", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443"}, {"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=330785"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2090"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.dest-unreach.org/socat/contrib/socat-secadv2.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620426"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591443"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=330785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.dest-unreach.org/socat/contrib/socat-secadv2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.dest-unreach.org/socat/download/socat-1.7.1.3.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=620426"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/msmania/poodim/commit/6340d5d2c81e55e61522c4b40a6cdd5c39738cc6"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}