dest-unreach / socat
what: "netcat++" (extended design, new implementation) OS: AIX, BSD, HP-UX, Linux, Solaris e.a. (UNIX) lic: GPL2 inst: tar x...; ./configure; make; make install doc: README; socat.html, socat.1; xio.help ui: command line exa: socat TCP6-LISTEN:8080,reuseaddr,fork PROXY:proxy:www.domain.com:80 keyw: tcp, udp, ipv6, raw ip, unix-socket, pty, pipe, listen, socks4, socks4a, proxy-connect, ssl-client, filedescriptor, readline, stdio, exec, system, file, open, tail -f, termios, setsockopt, chroot, fork, perm, owner, trace, dump, dgram, ext3, resolver, datagram, multicast, broadcast, interface, socket, sctp, generic, ioctl
2016-02-01: Socat security advisory 7 and MSVR-1499: "Bad DH p parameter in OpenSSL" and Socat security advisory 8: "Stack overflow in arguments parser" are published, fixes available in socat-188.8.131.52.tar.gz and socat-2.0.0-b9.tar.gz.
2015-04-06: Socat version 2 beta 8 (or bz2) fixes the possible denial of service attack (CVE-2015-1379), contains all fixes introduced up to 184.108.40.206 and corrects a few version 2 specific issues.
2015-02-08: Actual corrections to version 220.127.116.11 are available in git repository git://repo.or.cz/socat.git, branch fixes.
2015-01-24: Socat version 18.104.22.168 fixes a possible denial of service attack (CVE-2015-1379), improves SSL client security, and provides a couple of bug and porting fixes, see CHANGES.
Download gz or bz2
2014-03-09: Socat version 22.214.171.124 contains fixes for most of the bugs and porting issues reported or found in more than two years.
Download gz, bz2, or patch
2014-01-28: Socat versions 126.96.36.199 and 2.0.0-b7 fix a security issue: socats PROXY-CONNECT address was vulnerable to a buffer overflow with data provided on command line (CVE-2014-0019, advisory). Fixed versions are 188.8.131.52 and 2.0.0-b7. Patches are available in the download area.
2013-05-26: Socat versions 184.108.40.206 and 2.0.0-b6 fix a security issue: Under certain circumstances an FD leak occurs and may be misused for denial of service attacks against socat running in server mode (CVE-2013-3571, advisory). Fixed versions are 220.127.116.11 and 2.0.0-b6. Patches are available in the download area.
2012-05-14: A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process (CVE-2012-0219, advisory). Fixed versions are 18.104.22.168 and 2.0.0-b5. Patches are available in the download area.
2011-12-05: socat version 22.214.171.124 allows tun/tap interfaces without IP address and introduces options openssl-compress and max-children. It fixes 18 bugs and has 11 changes for improved platform support, especially for Mac OS X Lion, DragonFly, and Android.
2011-05-29: Michael Terzo provided a patch that fixes the compile error of socat 2.0.0 up to b4 on non-Linux systems.
2010-10-03: Vitali Shukela provided a patch that allows to use the original target address of an accepted connection in a socks or proxy address.
2010-08-02: A stack overflow vulnerability has been fixed that could be triggered when command line arguments were longer than 512 bytes (CVE-2010-2799, advisory). Fixed versions are 126.96.36.199 and 2.0.0-b4. See socat security advisory 2 for details.
2009-04-04: the third beta version (2.0.0-b3) of socat version 2 is ready for download. It contains all new bug fixes and features of 188.8.131.52 (plus fix:setenv, see below) and introduces the possibility to integrate external programs in address chains (see doc/socat-addresschain.html and doc/socat-exec.html).
You can download socat 184.108.40.206 in source form (.gz, .bz2). Feel free to check the md5 hashes.
Git repository containing socat 220.127.116.11 and all later version 1 releases is available.
There is a page with socat patches and contributions.