CVE-2013-3571
Vulnerability from cvelistv5
Published
2014-05-08 14:00
Modified
2024-08-06 16:14
Severity ?
EPSS score ?
Summary
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html"
},
{
"name": "MDVSA-2013:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:169"
},
{
"name": "[oss-security] 20130526 socat security advisory 4 - CVE-2013-3571",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/26/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-05-08T12:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html"
},
{
"name": "MDVSA-2013:169",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:169"
},
{
"name": "[oss-security] 20130526 socat security advisory 4 - CVE-2013-3571",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/26/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html",
"refsource": "CONFIRM",
"url": "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html"
},
{
"name": "MDVSA-2013:169",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:169"
},
{
"name": "[oss-security] 20130526 socat security advisory 4 - CVE-2013-3571",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/26/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3571",
"datePublished": "2014-05-08T14:00:00",
"dateReserved": "2013-05-21T00:00:00",
"dateUpdated": "2024-08-06T16:14:56.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2013-3571\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-05-08T14:29:08.957\",\"lastModified\":\"2024-11-21T01:53:54.377\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.\"},{\"lang\":\"es\",\"value\":\"socat 1.2.0.0 anterior a 1.7.2.2 y 2.0.0-b1 anterior a 2.0.0-b6, cuando se utiliza para una direcci\u00f3n tipo escucha y la opci\u00f3n de bifurcaci\u00f3n est\u00e1 habilitada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de descriptor de archivos) a trav\u00e9s de solicitudes m\u00faltiples que est\u00e1n denegadas bas\u00e1ndose en las restricciones (1) sourceport, (2) lowport, (3) range o (4) tcpwrap.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CF4F3C1-1CE9-44BC-B510-1802E57B6680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6618A30F-2FC9-48D0-8C70-F12748F83D2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF45DB7D-2751-4709-9240-25A8335A82B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CDC9F84-2E18-4D1C-9E74-718CD174C543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6ECD914-987C-4B8D-A985-C6E68749CA28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBF894DA-EC5E-43E0-B88F-764AA0A6C238\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C77701F-CC50-44B9-8C98-26E75AF562B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"484E84E3-C649-4927-800B-BC41B62CDC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6155431A-7487-46D9-8F32-185C198CD2BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C191EDF-E53C-4E37-8ED4-488B23C844D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64E2E694-D2BF-4E35-B65E-7DD020B76972\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13D897B0-BCBF-4670-82C6-AD877C5EC167\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"324DB41F-9A19-4BDB-9187-13EFA0902785\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.4.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57E632D6-3B7A-49C0-B320-2AB4094ECF98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BDC15BD-7398-4108-A598-662CA955F644\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43189B21-C2E3-4066-82A1-456344B10131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15DA6703-CECF-4456-B8F6-18888629C122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6320B213-6E09-4A64-9C44-3565A6006C74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.7.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C577A55-72B0-4F75-B7A3-558DBF2B7BFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34FFD979-165A-4465-8CCD-BA6CCEDC0016\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7B050A1-ECDE-47E8-8B7D-6AFD3923BA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D82983A5-0BBF-4131-AF82-1036FAFC0ABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17BEC895-BD41-42D5-B82A-72F81D30E776\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5F35F95-B83A-4ED0-B40C-8E1C513F37A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.7.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEF36D5D-1FD1-4484-8481-19E1E9F5571A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:1.7.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A38BE461-2B65-495D-8D5E-BEAE29AC1040\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:2.0.0:b1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BE19927-5110-4C8D-8E3E-C075CA61023B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:2.0.0:b2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F7C7910-5259-40D9-848D-402017952540\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:2.0.0:b3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E50A8D8-00A8-4578-85ED-C3A11A9CA955\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:2.0.0:b4:*:*:*:*:*:*\",\"matchCriteriaId\":\"07DE8F2A-AE2C-4EE9-80BE-2B77334ACE9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dest-unreach:socat:2.0.0:b5:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDEB3CA6-8B73-4D4D-BF77-D0B9974620F7\"}]}]}],\"references\":[{\"url\":\"http://www.dest-unreach.org/socat/contrib/socat-secadv4.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:169\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/05/26/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.dest-unreach.org/socat/contrib/socat-secadv4.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2013:169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/05/26/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.