CVE-2024-54661

04.12.2024, 05:15

readline.sh in socat before 1.8.0.2 relies on the /tmp/$USER/stderr2 file.

Symlink

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | - | - | - | - | - |
| CISA-ADP | ADP | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS Score Percentile: 37%

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| socat | bullseye | | unimportant |
| socat | bookworm | | unimportant |
| socat | trixie | 1.8.0.3-1 | fixed |
| socat | forky | 1.8.1.0-2 | fixed |
| socat | sid | 1.8.1.0-2 | fixed |

Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| socat | questing | needs-triage |
| socat | plucky | needs-triage |
| socat | oracular | ignored |
| socat | noble | needs-triage |
| socat | jammy | needs-triage |
| socat | focal | needs-triage |
| socat | bionic | needs-triage |
| socat | xenial | needs-triage |
| socat | trusty | needs-triage |

Common Weakness Enumeration

CWE-61 - UNIX Symbolic Link (Symlink) Following

The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

References

http://www.dest-unreach.org/socat/contrib/socat-secadv9.html
https://repo.or.cz/socat.git/blob/6ff391324d2d3b9f6bfb58e7d16a20be43b47af7:/readline.sh#l29