Skip to main content

socat CVE-2026-56123

| EUVDEUVD-2026-39455 CRITICAL
Heap-based Buffer Overflow (CWE-122)
N/A vendor:alpine GHSA-6r8c-w5mj-43hv
9.2
CVSS 4.0 · Vendor: vendor:alpine
Share

Severity by source

Vendor (vendor:alpine) PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.1 HIGH

Attacker-controlled SOCKS5 proxy reply reaches socat over the network without victim auth (AV:N/PR:N/UI:N), but the specific proxy-client path and heap-grooming make it AC:H; memory corruption yields full C/I/A impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (vendor:alpine).

CVSS VectorVendor: vendor:alpine

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Patch available
Jun 25, 2026 - 18:03 EUVD
Analysis Updated
Jun 25, 2026 - 17:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 25, 2026 - 17:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 25, 2026 - 17:22 vuln.today
cvss_changed
CVSS changed
Jun 25, 2026 - 17:22 NVD
9.2 (CRITICAL)
Analysis Generated
Jun 25, 2026 - 17:00 vuln.today

DescriptionCVE.org

Alpine Linux: socat fixed in 1.8.1.2-r0

AnalysisAI

Heap-based buffer overflow in socat's SOCKS5 reply parser allows a malicious or compromised SOCKS5 proxy server to corrupt heap memory in clients that route connections through it, with potential for code execution. The flaw affects socat versions prior to 1.8.1.2 (packaged on Alpine Linux as 1.8.1.2-r0) and is triggered when socat acts as a SOCKS5 client and processes an attacker-crafted server reply. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker controls or compromises a SOCKS5 proxy
Delivery
Victim socat connects out via SOCKS5
Exploit
Proxy returns crafted SOCKS5 reply
Execution
Overflow heap buffer in reply parser
Impact
Corrupt heap memory / execute code in socat

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target run socat as a SOCKS5 client - i.e. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and warrant careful prioritization. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who controls or has compromised a SOCKS5 proxy (or can tamper with proxy replies on the network path) waits for a victim's socat process to connect outbound through that proxy. The proxy returns a crafted SOCKS5 reply with malformed length/address fields, overflowing a heap buffer in socat's parser to corrupt memory and potentially achieve code execution in the socat process. …
Remediation Upgrade socat to version 1.8.1.2 or later; on Alpine Linux install socat 1.8.1.2-r0 or newer (Vendor-released patch: 1.8.1.2 / Alpine 1.8.1.2-r0). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Audit all systems running socat prior to version 1.8.1.2 (Alpine: 1.8.1.2-r0); disable SOCKS5 functionality where operationally feasible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56123 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy