← back
CVE-2024-54661

CVE-2024-54661

CVSS 9.8 CRITICALEPSS 0.8%CWE-61
In short

socat versions before 1.8.0.2 use a predictable temporary file in /tmp that can be hijacked by other users on the same system to execute arbitrary code with the privileges of the socat process.

Technical detail

CWE-61 (TOCTOU) vulnerability in readline.sh allows local privilege escalation via symlink attack against the /tmp/$USER/stderr2 file. An attacker can create a symlink to overwrite arbitrary files or inject malicious code executed in the socat process context, requiring only local file system access.

Summary generated and translated by AI from the official description.
readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
dest-unreach · socat

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://repo.or.cz/socat.git/blob/6ff391324d2d3b9f6bfb58e7d16a20be43b47af7:/readline.sh#l29http://www.dest-unreach.org/socat/contrib/socat-secadv9.html