Heap-buffer-overflow in src/formats_i.c
CVE-2023-34432

7.8HIGH

Key Information:

Vendor: Red Hat
Status: Sox; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Fedora
Vendor: CVE Published:; 10 July 2023

What is CVE-2023-34432?

A heap buffer overflow vulnerability exists in the lsx_readbuf function of Sox, specifically at sox/src/formats_i.c:98:16. This flaw poses risks such as denial of service, potential code execution, and information disclosure, allowing unauthorized access to sensitive data or system resources. Prompt mitigation is necessary to safeguard systems utilizing vulnerable versions of this audio processing tool.

References

https://access.redhat.com/security/cve/CVE-2023-34432

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2212291

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2023
Vulnerability Reserved
Jun 6, 2023

Red Hat

What is CVE-2023-34432?

References

CVSS V3.1

Timeline