Vulnerability Description
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dest-Unreach | Socat | 1.2.0.0 |
References
- http://www.dest-unreach.org/socat/contrib/socat-secadv4.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:169
- http://www.openwall.com/lists/oss-security/2013/05/26/1
- http://www.dest-unreach.org/socat/contrib/socat-secadv4.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:169
- http://www.openwall.com/lists/oss-security/2013/05/26/1
FAQ
What is CVE-2013-3571?
CVE-2013-3571 is a vulnerability with a CVSS score of 2.6 (LOW). socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor con...
How severe is CVE-2013-3571?
CVE-2013-3571 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3571?
Check the references section above for vendor advisories and patch information. Affected products include: Dest-Unreach Socat.