Lucene search

Ubuntu.comUB:CVE-2020-23904

HistoryNov 10, 2021 - 12:00 a.m.

CVE-2020-23904

2021-11-1000:00:00

ubuntu.com

stack buffer overflow

speex v1.2

disputed

denial of service

crafted wav file

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.1%

JSON

DISPUTED A stack buffer overflow in speexenc.c of Speex v1.2 allows
attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE:
the vendor states “I cannot reproduce it” and it “is a demo program.”

Notes

Author	Note
leosilva	from upstream none was able to reproduce hence that issue was closed. Marking it as ignored

References

github.com/xiph/speex/issues/14

launchpad.net/bugs/cve/CVE-2020-23904

nvd.nist.gov/vuln/detail/CVE-2020-23904

security-tracker.debian.org/tracker/CVE-2020-23904

www.cve.org/CVERecord?id=CVE-2020-23904

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

32.1%

JSON

Related for UB:CVE-2020-23904