CVE-2023-32627 — Floating Point Comparison with Incorrect Operator in Extra Packages FOR Enterprise Linux

CWE-1077 — Floating Point Comparison with Incorrect Operator CWE-697 — Incorrect Comparison7 documents7 sources

Severity

5.5MEDIUMNVD

CNA6.2

EPSS

0.0%

top 84.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Extra Packages FOR Enterprise Linux Fedoraproject Fedora Redhat Enterprise Linux +1 more

Timeline

PublishedJul 10

Latest updateSep 6

Description

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDfedoraproject/extra_packages8.0

▶NVDsound_exchange_project/sound_exchange14.4.3

Also affects: Fedora 38, Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

OSV

CVE-2023-32627: A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc↗2023-07-10

▶

GHSA

GHSA-4jrq-9cvx-fwjx: A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc↗2023-07-10

▶

CVEList

Floating point exception in src/voc.c↗2023-07-10

▶

📋Vendor Advisories

Ubuntu

SoX vulnerability↗2023-09-06

▶

Red Hat

sox: floating point exception in src/voc.c↗2023-05-05

▶

Debian

CVE-2023-32627: sox - A floating point exception vulnerability was found in sox, in the read_samples f...↗2023

▶