CVE-2023-27354
published 2023-04-20CVE-2023-27354: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220…
PriorityP337medium6.5CVSS 3.1
AVAACLPRNUINSUCHINAN
EPSS
0.63%
45.6th percentile
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19727.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpseclib | phpseclib | >= 0 < 1.0.1-3ubuntu0.1+esm1 | 1.0.1-3ubuntu0.1+esm1 |
| phpseclib | phpseclib | >= 0 < 1.0.9-1ubuntu0.1~esm1 | 1.0.9-1ubuntu0.1~esm1 |
| phpseclib | phpseclib | >= 0 < 1.0.18-2ubuntu0.1~esm1 | 1.0.18-2ubuntu0.1~esm1 |
| phpseclib | phpseclib | >= 0 < 1.0.20-1ubuntu0.1~esm1 | 1.0.20-1ubuntu0.1~esm1 |
| phpseclib | phpseclib | >= 1.0.0 < 1.0.23 | 1.0.23 |
| phpseclib | phpseclib | >= 2.0.0 < 2.0.47 | 2.0.47 |
| phpseclib | phpseclib | >= 3.0.0 < 3.0.36 | 3.0.36 |
| sonos | one_firmware | — | — |
| sonos | one_speaker | — | — |
| sonos | s1 | < 11.7.1 | 11.7.1 |
| sonos | s2 | < 15.1 | 15.1 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv3.05.4MEDIUMCVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
ghsa7.5HIGH
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
phpseclib vulnerabilities
osv·2025-04-02·CVSS 7.5
CVE-2021-30130 phpseclib vulnerabilities
phpseclib vulnerabilities
It was discovered that phpseclib did not correctly handle RSA PKCS#1
v1.5 signature verification. An attacker could possibly use this issue to
bypass authentication. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-30130)
It was discovered that phpseclib did not correctly handle certain
characters in certain TLS fields, which could lead to name confusion.
An attacker could possibly use this issue to bypass authentication.
(CVE-2023-52892)
It was discovered that phpseclib incorrectly limited the size of prime
numbers generated by isPrime. An attacker could possibly use this issue
to cause a denial of service. (CVE-2024-27354)
It was discovered that phpseclib did not correctly handle processing the
ASN.1 object identifier of a certificate. An attacker could
GHSA
phpseclib a large prime can cause a denial of service
ghsa·2024-03-02·CVSS 7.5
CVE-2024-27354 [HIGH] CWE-400 phpseclib a large prime can cause a denial of service
phpseclib a large prime can cause a denial of service
An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.
GHSA
GHSA-ppqq-2fjx-qxw2: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70
ghsa_unreviewed·2023-04-21
CVE-2023-27354 [MEDIUM] CWE-190 GHSA-ppqq-2fjx-qxw2: This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19727.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-04-20
Published