CVE-2013-3571
First published: Thu May 08 2014(Updated: )
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| socat | =1.2.0.0 | |
| socat | =1.3.0.0 | |
| socat | =1.3.0.1 | |
| socat | =1.3.1.0 | |
| socat | =1.3.2.0 | |
| socat | =1.3.2.1 | |
| socat | =1.3.2.2 | |
| socat | =1.4.0.0 | |
| socat | =1.4.0.1 | |
| socat | =1.4.0.2 | |
| socat | =1.4.0.3 | |
| socat | =1.4.1.0 | |
| socat | =1.4.2.0 | |
| socat | =1.4.3.0 | |
| socat | =1.4.3.1 | |
| socat | =1.5.0.0 | |
| socat | =1.6.0.0 | |
| socat | =1.6.0.1 | |
| socat | =1.7.0.0 | |
| socat | =1.7.0.1 | |
| socat | =1.7.1.0 | |
| socat | =1.7.1.1 | |
| socat | =1.7.1.2 | |
| socat | =1.7.1.3 | |
| socat | =1.7.2.0 | |
| socat | =1.7.2.1 | |
| socat | =2.0.0-b1 | |
| socat | =2.0.0-b2 | |
| socat | =2.0.0-b3 | |
| socat | =2.0.0-b4 | |
| socat | =2.0.0-b5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-3571?
CVE-2013-3571 has a medium severity rating, primarily causing denial of service through file descriptor consumption.
How do I fix CVE-2013-3571?
To mitigate CVE-2013-3571, upgrade socat to version 1.7.2.2 or later, or 2.0.0-b6 or later.
What versions of socat are affected by CVE-2013-3571?
CVE-2013-3571 affects socat versions prior to 1.7.2.2 and 2.0.0-b6.
What are the consequences of exploiting CVE-2013-3571?
Exploitation of CVE-2013-3571 can lead to denial of service, causing the application to exhaust file descriptors.
Is there a workaround for CVE-2013-3571?
A possible workaround for CVE-2013-3571 is to disable the fork option in socat if upgrading is not feasible.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dest-unreach
- canonical/socat
- version/socat/1.2.0.0
- version/socat/1.3.0.0
- version/socat/1.3.0.1
- version/socat/1.3.1.0
- version/socat/1.3.2.0
- version/socat/1.3.2.1
- version/socat/1.3.2.2
- version/socat/1.4.0.0
- version/socat/1.4.0.1
- version/socat/1.4.0.2
- version/socat/1.4.0.3
- version/socat/1.4.1.0
- version/socat/1.4.2.0
- version/socat/1.4.3.0
- version/socat/1.4.3.1
- version/socat/1.5.0.0
- version/socat/1.6.0.0
- version/socat/1.6.0.1
- version/socat/1.7.0.0
- version/socat/1.7.0.1
- version/socat/1.7.1.0
- version/socat/1.7.1.1
- version/socat/1.7.1.2
- version/socat/1.7.1.3
- version/socat/1.7.2.0
- version/socat/1.7.2.1
- version/socat/2.0.0-b1
- version/socat/2.0.0-b2
- version/socat/2.0.0-b3
- version/socat/2.0.0-b4
- version/socat/2.0.0-b5