5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.3 Medium
AI Score
Confidence
High
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
35.0%
Issue Overview:
A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING (CVE-2022-2476)
Affected Packages:
wavpack
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update wavpack to update your system.
New Packages:
aarch64:
wavpack-4.60.1-9.amzn2.0.3.aarch64
wavpack-devel-4.60.1-9.amzn2.0.3.aarch64
wavpack-debuginfo-4.60.1-9.amzn2.0.3.aarch64
i686:
wavpack-4.60.1-9.amzn2.0.3.i686
wavpack-devel-4.60.1-9.amzn2.0.3.i686
wavpack-debuginfo-4.60.1-9.amzn2.0.3.i686
src:
wavpack-4.60.1-9.amzn2.0.3.src
x86_64:
wavpack-4.60.1-9.amzn2.0.3.x86_64
wavpack-devel-4.60.1-9.amzn2.0.3.x86_64
wavpack-debuginfo-4.60.1-9.amzn2.0.3.x86_64
Red Hat: CVE-2022-2476
Mitre: CVE-2022-2476
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 2 | aarch64 | wavpack | < 4.60.1-9.amzn2.0.3 | wavpack-4.60.1-9.amzn2.0.3.aarch64.rpm |
Amazon Linux | 2 | aarch64 | wavpack-devel | < 4.60.1-9.amzn2.0.3 | wavpack-devel-4.60.1-9.amzn2.0.3.aarch64.rpm |
Amazon Linux | 2 | aarch64 | wavpack-debuginfo | < 4.60.1-9.amzn2.0.3 | wavpack-debuginfo-4.60.1-9.amzn2.0.3.aarch64.rpm |
Amazon Linux | 2 | i686 | wavpack | < 4.60.1-9.amzn2.0.3 | wavpack-4.60.1-9.amzn2.0.3.i686.rpm |
Amazon Linux | 2 | i686 | wavpack-devel | < 4.60.1-9.amzn2.0.3 | wavpack-devel-4.60.1-9.amzn2.0.3.i686.rpm |
Amazon Linux | 2 | i686 | wavpack-debuginfo | < 4.60.1-9.amzn2.0.3 | wavpack-debuginfo-4.60.1-9.amzn2.0.3.i686.rpm |
Amazon Linux | 2 | x86_64 | wavpack | < 4.60.1-9.amzn2.0.3 | wavpack-4.60.1-9.amzn2.0.3.x86_64.rpm |
Amazon Linux | 2 | x86_64 | wavpack-devel | < 4.60.1-9.amzn2.0.3 | wavpack-devel-4.60.1-9.amzn2.0.3.x86_64.rpm |
Amazon Linux | 2 | x86_64 | wavpack-debuginfo | < 4.60.1-9.amzn2.0.3 | wavpack-debuginfo-4.60.1-9.amzn2.0.3.x86_64.rpm |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.3 Medium
AI Score
Confidence
High
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
35.0%