ALPINE-CVE-2026-56123
- Source
- https://security.alpinelinux.org/vuln/CVE-2026-56123
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-56123.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2026-56123
- Upstream
- Published
- 2026-06-25T17:17:01.967Z
- Modified
- 2026-06-27T11:30:05.280560953Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read through a signed char field causing a negative bytestoread value that is implicitly converted to size_t, resulting in an unbounded heap write into the 262-byte reply buffer with attacker-controlled size and content.
- References
Affected packages
Alpine:v3.22 / socat
Package
- Name
- socat
- Purl
- pkg:apk/alpine/socat?arch=source
Alpine:v3.23 / socat
Package
- Name
- socat
- Purl
- pkg:apk/alpine/socat?arch=source