CVE-2026-56123
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
Heap-based buffer overflow vulnerability in socat versions 1.8.0.0 through 1.8.1.1. The flaw occurs in the DOMAINNAME reply parser where the domain name length byte is read as a signed char, causing a negative value that is implicitly converted to size_t, resulting in an unbounded heap write into the 262-byte reply buffer.
Risk Assessment
A malicious SOCKS5 proxy server can overwrite adjacent heap memory, potentially leading to remote code execution or application crash.
Recommendation
It is recommended to immediately update socat to version 1.8.1.2 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite adjacent heap memory by exploiting a sign-extension flaw in the DOMAINNAME reply parser. During connection setup, the domain name length byte is read through a signed char field causing a negative bytes_to_read value that is implicitly converted to size_t, resulting in an unbounded heap write into the 262-byte reply buffer with attacker-controlled size and content.

