fixed a stack overflow vulnerability with long command line args

2025-07-20 01:42:58 +00:00 · 2010-10-03 11:36:50 +02:00 · 2010-10-03 11:36:50 +02:00 · 6340d5d2c8
commit 6340d5d2c8
parent 07db31f7ac
3 changed files with 85 additions and 4 deletions
--- a/9
+++ b/9
@ -1,4 +1,13 @@

+security:
+	fixed a stack overflow vulnerability that occurred when command
+	line arguments (whole addresses, host names, file names) were longer
+	than 512 bytes.
+	Note that this could only be exploited when an attacker was able to
+	inject data into socat's command line.
+	Full credits to Felix Gröbert, Google Security Team, for finding and
+	reporting this issue
+
 ####################### V 1.7.1.2:

 corrections: