CRITICAL🇵🇱 Wersja polska

CVE-2024-54661

CVSS 9.8v3.1pub. 2024-12-04upd. 2026-04-15

readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.

🤖 AI Analysis
How it works

The readline.sh script creates or uses the file /tmp/$USER/stderr2 without appropriate protection against substitution. An attacker with access to the local file system can previously create a symbolic link (symlink) at this path, pointing to any system file. When the script subsequently operates on this path, it performs operations on the file indicated by the symlink instead of the intended temporary file. This corresponds to the CWE-61 (UNIX Symbolic Link Following) vulnerability class.

Impact

An attacker can cause arbitrary files to be written or overwritten on the system, which may consequently enable privilege escalation, code execution, or data corruption.

Mitigation & patch

Update socat to version 1.8.0.2 or newer, in accordance with the information in the vendor's security notice (socat-secadv9.html).

Who is affected

socat in versions before 1.8.0.2, in all environments where the readline.sh script is used

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References