Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-5904-1.NASL
HistoryMar 02, 2023 - 12:00 a.m.

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : SoX vulnerabilities (USN-5904-1)

2023-03-0200:00:00
Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5904-1 advisory.

  • An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. (CVE-2019-13590)

  • A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer- overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. (CVE-2021-3643)

  • A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. (CVE-2021-23159)

  • A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash. (CVE-2021-23172)

  • A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash. (CVE-2021-23210)

  • A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash. (CVE-2021-33844)

  • A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-40426)

  • In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
    (CVE-2022-31650)

  • In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. (CVE-2022-31651)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-5904-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##

include('compat.inc');

if (description)
{
  script_id(172049);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id(
    "CVE-2019-13590",
    "CVE-2021-3643",
    "CVE-2021-23159",
    "CVE-2021-23172",
    "CVE-2021-23210",
    "CVE-2021-33844",
    "CVE-2021-40426",
    "CVE-2022-31650",
    "CVE-2022-31651"
  );
  script_xref(name:"USN", value:"5904-1");

  script_name(english:"Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : SoX vulnerabilities (USN-5904-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by
multiple vulnerabilities as referenced in the USN-5904-1 advisory.

  - An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer
    overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps
    malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer,
    leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. (CVE-2019-13590)

  - A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-
    overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive
    information. (CVE-2021-3643)

  - A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in
    formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to
    crash. (CVE-2021-23159)

  - A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c
    file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to
    crash. (CVE-2021-23172)

  - A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c
    file. An attacker with a crafted file, could cause an application to crash. (CVE-2021-23210)

  - A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c
    file. An attacker with a crafted wav file, could cause an application to crash. (CVE-2021-33844)

  - A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound
    Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer
    overflow. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-40426)

  - In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
    (CVE-2022-31650)

  - In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. (CVE-2022-31651)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-5904-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-40426");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-3643");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:esm");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsox-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsox-fmt-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsox-fmt-alsa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsox-fmt-ao");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsox-fmt-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsox-fmt-mp3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsox-fmt-oss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsox-fmt-pulse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsox2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsox3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:sox");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 22.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var pkgs = [
    {'osver': '16.04', 'pkgname': 'libsox-dev', 'pkgver': '14.4.1-5+deb8u4ubuntu0.1+esm1'},
    {'osver': '16.04', 'pkgname': 'libsox-fmt-all', 'pkgver': '14.4.1-5+deb8u4ubuntu0.1+esm1'},
    {'osver': '16.04', 'pkgname': 'libsox-fmt-alsa', 'pkgver': '14.4.1-5+deb8u4ubuntu0.1+esm1'},
    {'osver': '16.04', 'pkgname': 'libsox-fmt-ao', 'pkgver': '14.4.1-5+deb8u4ubuntu0.1+esm1'},
    {'osver': '16.04', 'pkgname': 'libsox-fmt-base', 'pkgver': '14.4.1-5+deb8u4ubuntu0.1+esm1'},
    {'osver': '16.04', 'pkgname': 'libsox-fmt-mp3', 'pkgver': '14.4.1-5+deb8u4ubuntu0.1+esm1'},
    {'osver': '16.04', 'pkgname': 'libsox-fmt-oss', 'pkgver': '14.4.1-5+deb8u4ubuntu0.1+esm1'},
    {'osver': '16.04', 'pkgname': 'libsox-fmt-pulse', 'pkgver': '14.4.1-5+deb8u4ubuntu0.1+esm1'},
    {'osver': '16.04', 'pkgname': 'libsox2', 'pkgver': '14.4.1-5+deb8u4ubuntu0.1+esm1'},
    {'osver': '16.04', 'pkgname': 'sox', 'pkgver': '14.4.1-5+deb8u4ubuntu0.1+esm1'},
    {'osver': '18.04', 'pkgname': 'libsox-dev', 'pkgver': '14.4.2-3ubuntu0.18.04.2'},
    {'osver': '18.04', 'pkgname': 'libsox-fmt-all', 'pkgver': '14.4.2-3ubuntu0.18.04.2'},
    {'osver': '18.04', 'pkgname': 'libsox-fmt-alsa', 'pkgver': '14.4.2-3ubuntu0.18.04.2'},
    {'osver': '18.04', 'pkgname': 'libsox-fmt-ao', 'pkgver': '14.4.2-3ubuntu0.18.04.2'},
    {'osver': '18.04', 'pkgname': 'libsox-fmt-base', 'pkgver': '14.4.2-3ubuntu0.18.04.2'},
    {'osver': '18.04', 'pkgname': 'libsox-fmt-mp3', 'pkgver': '14.4.2-3ubuntu0.18.04.2'},
    {'osver': '18.04', 'pkgname': 'libsox-fmt-oss', 'pkgver': '14.4.2-3ubuntu0.18.04.2'},
    {'osver': '18.04', 'pkgname': 'libsox-fmt-pulse', 'pkgver': '14.4.2-3ubuntu0.18.04.2'},
    {'osver': '18.04', 'pkgname': 'libsox3', 'pkgver': '14.4.2-3ubuntu0.18.04.2'},
    {'osver': '18.04', 'pkgname': 'sox', 'pkgver': '14.4.2-3ubuntu0.18.04.2'},
    {'osver': '20.04', 'pkgname': 'libsox-dev', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.20.04.1'},
    {'osver': '20.04', 'pkgname': 'libsox-fmt-all', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.20.04.1'},
    {'osver': '20.04', 'pkgname': 'libsox-fmt-alsa', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.20.04.1'},
    {'osver': '20.04', 'pkgname': 'libsox-fmt-ao', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.20.04.1'},
    {'osver': '20.04', 'pkgname': 'libsox-fmt-base', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.20.04.1'},
    {'osver': '20.04', 'pkgname': 'libsox-fmt-mp3', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.20.04.1'},
    {'osver': '20.04', 'pkgname': 'libsox-fmt-oss', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.20.04.1'},
    {'osver': '20.04', 'pkgname': 'libsox-fmt-pulse', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.20.04.1'},
    {'osver': '20.04', 'pkgname': 'libsox3', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.20.04.1'},
    {'osver': '20.04', 'pkgname': 'sox', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.20.04.1'},
    {'osver': '22.04', 'pkgname': 'libsox-dev', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.22.04.1'},
    {'osver': '22.04', 'pkgname': 'libsox-fmt-all', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.22.04.1'},
    {'osver': '22.04', 'pkgname': 'libsox-fmt-alsa', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.22.04.1'},
    {'osver': '22.04', 'pkgname': 'libsox-fmt-ao', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.22.04.1'},
    {'osver': '22.04', 'pkgname': 'libsox-fmt-base', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.22.04.1'},
    {'osver': '22.04', 'pkgname': 'libsox-fmt-mp3', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.22.04.1'},
    {'osver': '22.04', 'pkgname': 'libsox-fmt-oss', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.22.04.1'},
    {'osver': '22.04', 'pkgname': 'libsox-fmt-pulse', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.22.04.1'},
    {'osver': '22.04', 'pkgname': 'libsox3', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.22.04.1'},
    {'osver': '22.04', 'pkgname': 'sox', 'pkgver': '14.4.2+git20190427-2+deb11u1build0.22.04.1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var osver = NULL;
  var pkgname = NULL;
  var pkgver = NULL;
  if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
  if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
  if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
  if (osver && pkgname && pkgver) {
    if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  var tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libsox-dev / libsox-fmt-all / libsox-fmt-alsa / libsox-fmt-ao / etc');
}
VendorProductVersionCPE
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:esm
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts
canonicalubuntu_linux20.04cpe:/o:canonical:ubuntu_linux:20.04:-:lts
canonicalubuntu_linux22.04cpe:/o:canonical:ubuntu_linux:22.04:-:lts
canonicalubuntu_linuxlibsox-devp-cpe:/a:canonical:ubuntu_linux:libsox-dev
canonicalubuntu_linuxlibsox-fmt-allp-cpe:/a:canonical:ubuntu_linux:libsox-fmt-all
canonicalubuntu_linuxlibsox-fmt-alsap-cpe:/a:canonical:ubuntu_linux:libsox-fmt-alsa
canonicalubuntu_linuxlibsox-fmt-aop-cpe:/a:canonical:ubuntu_linux:libsox-fmt-ao
canonicalubuntu_linuxlibsox-fmt-basep-cpe:/a:canonical:ubuntu_linux:libsox-fmt-base
canonicalubuntu_linuxlibsox-fmt-mp3p-cpe:/a:canonical:ubuntu_linux:libsox-fmt-mp3
Rows per page:
1-10 of 151

Related

ubuntu 2
osv 4
openvas 9
nessus 12
debian 2
mageia 1
amazon 1
ubuntucve 12
prion 9
redhatcve 10
cve 10
alpinelinux 6
cvelist 9
veracode 9
debiancve 9
cnvd 1
talos 1
ubuntu
ubuntu
SoX vulnerabilities
2023-03-02 00:00:00
SoX regression
2023-03-20 00:00:00
osv
osv
sox - security update
2023-02-10 00:00:00
sox regression
2023-03-20 17:28:28
sox vulnerabilities
2023-03-02 11:42:50
openvas
openvas
Debian: Security Advisory (DSA-5356-1)
2023-02-23 00:00:00
Ubuntu: Security Advisory (USN-5904-2)
2023-03-21 00:00:00
Ubuntu: Security Advisory (USN-5904-1)
2023-03-03 00:00:00
nessus
nessus
Debian DSA-5356-1 : sox - security update
2023-02-22 00:00:00
Debian DLA-3315-1 : sox - LTS security update
2023-02-10 00:00:00
openSUSE 15 Security Update : sox (openSUSE-SU-2023:0328-1)
2023-10-27 00:00:00
debian
debian
[SECURITY] [DLA 3315-1] sox security update
2023-02-10 06:11:16
[SECURITY] [DSA 5356-1] sox security update
2023-02-20 19:09:18
mageia
mageia
Updated sox packages fix security vulnerability
2023-02-27 23:27:16
amazon
amazon
Medium: sox
2023-08-31 22:29:00
ubuntucve
ubuntucve
CVE-2019-13590
2019-07-14 00:00:00
CVE-2021-23159
2022-08-25 00:00:00
CVE-2021-33844
2022-08-25 00:00:00
prion
prion
Code injection
2022-08-25 20:15:00
Code injection
2022-08-25 20:15:00
Integer overflow
2019-07-14 16:15:00
redhatcve
redhatcve
CVE-2021-23210
2021-06-24 07:57:38
CVE-2021-33844
2021-06-24 07:57:29
CVE-2019-13590
2019-08-06 08:22:12
cve
cve
CVE-2021-33844
2022-08-25 20:15:00
CVE-2019-13590
2019-07-14 16:15:00
CVE-2021-40426
2022-04-14 20:15:00
alpinelinux
alpinelinux
CVE-2022-31651
2022-05-25 23:15:00
CVE-2021-33844
2022-08-25 20:15:00
CVE-2021-40426
2022-04-14 20:15:00
cvelist
cvelist
CVE-2021-33844
2022-08-25 19:34:38
CVE-2019-13590
2019-07-14 00:00:00
CVE-2021-40426
2022-04-14 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-08-26 06:22:36
Heap-based Buffer Overflow
2023-02-08 14:59:43
Denial Of Service (DoS)
2023-03-06 17:28:09
debiancve
debiancve
CVE-2021-23172
2022-08-25 20:15:00
CVE-2019-13590
2019-07-14 16:15:00
CVE-2022-31650
2022-05-25 23:15:00
cnvd
cnvd
SoX Denial of Service Vulnerability
2022-05-27 00:00:00
talos
talos
Sound Exchange libsox sphere.c start_read() heap-based buffer overflow vulnerability
2022-03-23 00:00:00
JSON
Related for UBUNTU_USN-5904-1.NASL
ubuntu2osv4openvas9nessus12debian2mageia1amazon1ubuntucve12prion9redhatcve10cve10alpinelinux6cvelist9veracode9debiancve9cnvd1talos1