CVE-2024-54661 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CISA-ADP	ADP	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Debian Releases

Debian Product

Codename

socat

bullseye	unimportant
bookworm	unimportant
trixie	1.8.0.3-1 fixed
sid	1.8.0.3-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

socat

plucky	needs-triage
oracular	ignored
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage
trusty	needs-triage

Common Weakness Enumeration

CWE-61 - UNIX Symbolic Link (Symlink) Following
The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the software to operate on unauthorized files.

Vulnerability Media Exposure

[GERMAN] Red Hat Enterprise Linux (socat): Schwachstelle ermöglicht Manipulation von Dateien
Ein lokaler Angreifer kann eine Schwachstelle im "socat" Paket von Red Hat Enterprise Linux ausnutzen, um Dateien zu manipulieren.
Published: 2025-07-06T22:00:00+00:00

References

http://www.dest-unreach.org/socat/contrib/socat-secadv9.html

https://repo.or.cz/socat.git/blob/6ff391324d2d3b9f6bfb58e7d16a20be43b47af7:/readline.sh#l29