CVE-2024-54661
CRITICALsocat 1.6.0.0-1.8.0.1 and 2.0.0-b1-2.0.0-b8 - UNIX Symbolic Link Following in readline.sh
Title source: llmDescription
readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.
References (2)
Core 2
Core References
Various Sources
https://repo.or.cz/socat.git/blob/6ff391324d2d3b9f6bfb58e7d16a20be43b47af7:/readline.sh#l29
Various Sources
http://www.dest-unreach.org/socat/contrib/socat-secadv9.html
Scores
CVSS v3
9.8
EPSS
0.0078
EPSS Percentile
50.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-61
Status
published
Products (2)
dest-unreach/socat
1.6.0.0 - 1.8.0.2
dest-unreach/socat
2.0.0-b1 - 2.0.0-b9
Published
Dec 04, 2024
Tracked Since
Feb 18, 2026