readline.sh: arbitrary file overwrite via predictable /tmp directory
A stack overflow vulnerability was found that can be triggered when command line arguments (complete address specifications, host names, file names) are longer than 512 bytes (advisory)
In the OpenSSL address implementation the hard-coded 1024-bit DH p parameter was not prime (advisory)
Socat's signal handler implementations were not async-signal-safe and could cause a crash or freeze of socat processes (advisory)
Socat's PROXY-CONNECT address was vulnerable to a buffer overflow with data from the command line (CVE-2014-0019, advisory)
Under certain circumstances an FD leak occurs and may be misused for denial of service attacks against socat running in server mode (CVE-2013-3571, advisory)
A heap-based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process (CVE-2012-0219, advisory). Fixed versions are 1.7.2.1 and 2.0.0-b5. Patches are available in the download area.
Michael Hanselmann provided a patch that adds the option openssl-compress to disable the compression feature of current OpenSSL versions.
Vitali Shukela provided a patch that allows using the original target address of an accepted connection in a socks or proxy address.
Jan Just Keijser implemented proxy certificates and provided a patch.
An extension for RFC 2217 support written by Kenneth Kassing is provided in the contrib section.
Thomas Schwinge and socat's author made some changes to make socat compile and (partially) run on GNU Hurd systems.
These patches are already integrated into the current socat distribution. Apply them to older socat versions only.
SCTP support for socat has already been requested. Before it could be added to the official distribution, Jonathan Brannan contributed a patch.
It is reported that new socat versions do not build on new Mac OS X versions. Camillo Lugaresi provided a patch that makes socat 1.6.0.1 compile and run on Mac OS X 10.4.
Use this patch if you already have socat 1.6.0.0 source and want to update to 1.6.0.1 but are low on bandwidth or have changed the source code.
Daniel Lucq found that socat might hang when invoked with many file descriptors already opened. Find more info and a patch for this problem.
James Sainsbury found a problem with socat's service name resolution and contributed a solution. Find more info and a patch.