CVE-2023-26590 — Floating Point Comparison with Incorrect Operator in Extra Packages FOR Enterprise Linux

CWE-1077 — Floating Point Comparison with Incorrect Operator CWE-697 — Incorrect Comparison6 documents6 sources

Severity

5.5MEDIUMNVD

CNA6.2

EPSS

0.0%

top 91.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Extra Packages FOR Enterprise Linux Fedoraproject Fedora Redhat Enterprise Linux +1 more

Timeline

PublishedJul 10

Description

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDfedoraproject/extra_packages8.0

▶NVDsound_exchange_project/sound_exchange14.4.3

Also affects: Fedora 38, Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

CVEList

Floating point exception in src/aiff.c↗2023-07-10

▶

OSV

CVE-2023-26590: A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff↗2023-07-10

▶

GHSA

GHSA-68xp-j24j-mvjp: A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff↗2023-07-10

▶

📋Vendor Advisories

Red Hat

sox: floating point exception in src/aiff.c↗2023-05-05

▶

Debian

CVE-2023-26590: sox - A floating point exception vulnerability was found in sox, in the lsx_aiffstartw...↗2023

▶