Heap-buffer-overflow in src/formats_i.c
CVE-2023-34432

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Sox; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Fedora
Vendor: CVE Published:; 10 July 2023

Summary

A heap buffer overflow vulnerability exists in the lsx_readbuf function of Sox, specifically at sox/src/formats_i.c:98:16. This flaw poses risks such as denial of service, potential code execution, and information disclosure, allowing unauthorized access to sensitive data or system resources. Prompt mitigation is necessary to safeguard systems utilizing vulnerable versions of this audio processing tool.

References

https://access.redhat.com/security/cve/CVE-2023-34432

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2212291

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2023
Vulnerability Reserved
Jun 6, 2023