readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.
The readline.sh script creates or uses the file /tmp/$USER/stderr2 without appropriate protection against substitution. An attacker with access to the local file system can previously create a symbolic link (symlink) at this path, pointing to any system file. When the script subsequently operates on this path, it performs operations on the file indicated by the symlink instead of the intended temporary file. This corresponds to the CWE-61 (UNIX Symbolic Link Following) vulnerability class.
An attacker can cause arbitrary files to be written or overwritten on the system, which may consequently enable privilege escalation, code execution, or data corruption.
Update socat to version 1.8.0.2 or newer, in accordance with the information in the vendor's security notice (socat-secadv9.html).
socat in versions before 1.8.0.2, in all environments where the readline.sh script is used
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H