CVE-2019-8356: Improper Validation of Array Index in Exchange Project Sound Exchange

Severity: 5.5 MEDIUM (NVD)
OSV: 5.0
EPSS: 1.2% (top 21.35%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 15
Latest update: May 13

Description

An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 1 package

🔴 Vulnerability Details (5)

GHSA: GHSA-q96g-69rj-hjwx: An issue was discovered in SoX 14 (2022-05-13)
OSV: sox vulnerabilities (2019-08-01)
OSV: sox vulnerabilities (2019-07-30)
OSV: CVE-2019-8356: An issue was discovered in SoX 14 (2019-02-15)
CVEList: CVE-2019-8356: An issue was discovered in SoX 14 (2019-02-15)

📋 Vendor Advisories (4)

Ubuntu: SoX vulnerabilities (2019-08-01)
Ubuntu: SoX vulnerabilities (2019-07-30)
Red Hat: sox: stack-based buffer overflow in bitrv2 in fft4g.c (2019-02-07)
Debian: CVE-2019-8356: sox - An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c... (2019)

💬 Community (2)

Bugzilla: CVE-2019-8356 sox: stack-based buffer overflow in bitrv2 in fft4g.c [fedora-all] (2019-02-18)
Bugzilla: CVE-2019-8356 sox: stack-based buffer overflow in bitrv2 in fft4g.c (2019-02-18)