Heap-buffer-overflow in src/hcom.c
CVE-2023-34318

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Sox; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Fedora
Vendor: CVE Published:; 10 July 2023

Summary

A heap buffer overflow vulnerability has been identified in the Sox audio processing tool, specifically within the startread function. This flaw can be exploited to trigger a denial of service, execute arbitrary code, or disclose sensitive information, putting systems at risk. Users are advised to update to the latest version to mitigate potential threats.

References

https://access.redhat.com/security/cve/CVE-2023-34318

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2212283

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2023
Vulnerability Reserved
Jun 6, 2023