This PoC demonstrates a heap-based overflow in Socat 1.7.3.4 caused by an integer overflow in the `_socat()` function: a large buffer size (0x8000000000000050) results in an incorrectly sized malloc allocation, which leads to a crash. The binary's lack of PIE mitigation makes the bug easier to exploit.
Classification
Working PoC (95%)
Attack Type
DoS
Complexity
Moderate
Reliability
Reliable
Target: Socat 1.7.3.4
No auth needed
Prerequisites: Socat 1.7.3.4 compiled without PIE · Ability to execute socat with crafted arguments