CVE-2023-34432 Heap-buffer-overflow in src/formats_i.c

2023-07-1020:05:39

CWE-122

redhat

www.cve.org

cve-2023-34432

lsx_readbuf function

denial of service

code execution

information disclosure

heap buffer overflow

sox

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

23.1%

JSON

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

CNA Affected

[
  {
    "product": "sox",
    "vendor": "n/a",
    "defaultStatus": "affected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "sox",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "sox",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "product": "Fedora",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "sox",
    "defaultStatus": "affected"
  },
  {
    "product": "Extra Packages for Enterprise Linux",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "sox",
    "defaultStatus": "affected"
  }
]