CVE-2023-34318 — Heap-based Buffer Overflow in Extra Packages FOR Enterprise Linux

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 90.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Extra Packages FOR Enterprise Linux Fedoraproject Fedora Redhat Enterprise Linux +1 more

Timeline

PublishedJul 10

Description

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDfedoraproject/extra_packages8.0

▶NVDsound_exchange_project/sound_exchange14.4.3

Also affects: Fedora 38, Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

OSV

CVE-2023-34318: A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom↗2023-07-10

▶

CVEList

Heap-buffer-overflow in src/hcom.c↗2023-07-10

▶

GHSA

GHSA-f26w-p752-7ggh: A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom↗2023-07-10

▶

📋Vendor Advisories

Red Hat

sox: heap-buffer-overflow in src/hcom.c↗2023-05-05

▶

Debian

CVE-2023-34318: sox - A heap buffer overflow vulnerability was found in sox, in the startread function...↗2023

▶