Lucene search

[email protected]CVE-2019-18796

HistoryOct 16, 2020 - 1:15 p.m.

CVE-2019-18796

2020-10-1613:15:11

CWE-835

[email protected]

web.nvd.nist.gov

bass audio library

windows

dos vulnerability

bass_streamcreatefile

.mp3

cpu usage

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

44.1%

JSON

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.

Affected configurations

NVD

Node

un4seenbassRange≤2.4.14.1windows

CPENameOperatorVersion
un4seen:bassun4seen bassle2.4.14.1

CPE	Name	Operator	Version
un4seen:bass	un4seen bass	le	2.4.14.1

References

www.un4seen.com/

github.com/staufnic/CVE/tree/master/CVE-2019-18796

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

44.1%

JSON

Related for CVE-2019-18796

prion1 veracode1 cvelist1 nvd1