CVE-2024-54661: 
CBL Mariner vulnerability analysis and mitigation

A security vulnerability was identified in the readline.sh script of Socat versions 1.6.0.0 through 1.8.0.1 and 2.0.0-b1 through 2.0.0-b9. The vulnerability, tracked as CVE-2024-54661, involves the script's reliance on a predictable temporary directory (/tmp/$USER/stderr2), which could potentially be exploited. The issue was discovered by Wolfgang Frisch from SUSE and has been fixed in version 1.8.0.2 (Socat Advisory).

The vulnerability exists in the readline.sh script, which is typically installed in examples/ or doc/ directories and is invoked by the test.sh script. The issue stems from the script's use of a predictable temporary directory path (/tmp/$USER/stderr2). The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H by CISA-ADP (NVD).

The vulnerability allows unprivileged users to potentially overwrite arbitrary files belonging to the script's caller. While the severity is technically rated as CRITICAL according to CVSS scoring, the practical impact is considered LOW as readline.sh is usually neither installed in a bin directory nor is it documented in most installations (Socat Advisory).

The vulnerability has been fixed in Socat version 1.8.0.2. For users unable to upgrade immediately, a workaround is available: create the /tmp/$USER directory with the appropriate user ownership and set permissions to mode 0755 or tighter before running readline.sh or test.sh (Socat Advisory).