CVE-2022-31651 — Reachable Assertion in Exchange Project Sound Exchange

CWE-617 — Reachable Assertion CWE-1077 — Floating Point Comparison with Incorrect Operator10 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sound Exchange Project Sound Exchange

Timeline

PublishedMay 25

Latest updateMar 20

Description

In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDsound_exchange_project/sound_exchange14.4.2

🔴Vulnerability Details

OSV

sox regression↗2023-03-20

▶

OSV

sox vulnerabilities↗2023-03-02

▶

GHSA

GHSA-56vf-qhhq-rrc2: In SoX 14↗2022-05-26

▶

CVEList

CVE-2022-31651: In SoX 14↗2022-05-25

▶

OSV

CVE-2022-31651: In SoX 14↗2022-05-25

▶

📋Vendor Advisories

Ubuntu

SoX regression↗2023-03-20

▶

Ubuntu

SoX vulnerabilities↗2023-03-02

▶

Red Hat

sox: an assertion failure in rate_init in rate.c in libsox.a↗2022-04-14

▶

Debian

CVE-2022-31651: sox - In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.↗2022

▶