CVE-2023-34432 — Heap-based Buffer Overflow in Exchange Project Sound Exchange

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 89.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sound Exchange Project Sound Exchange Fedoraproject Extra Packages FOR Enterprise Linux Fedoraproject Fedora +1 more

Timeline

PublishedJul 10

Description

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsound_exchange_project/sound_exchange14.4.3

▶NVDfedoraproject/extra_packages8.0

Also affects: Fedora 38, Enterprise Linux 6.0, 7.0

🔴Vulnerability Details

GHSA

GHSA-fv9q-mgwx-m5gr: A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i↗2023-07-10

▶

OSV

CVE-2023-34432: A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i↗2023-07-10

▶

CVEList

Heap-buffer-overflow in src/formats_i.c↗2023-07-10

▶

📋Vendor Advisories

Red Hat

sox: heap-buffer-overflow in src/formats_i.c↗2023-05-05

▶

Debian

CVE-2023-34432: sox - A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf functi...↗2023

▶