Lucene search

[email protected]NVD:CVE-2023-34432

HistoryJul 10, 2023 - 9:15 p.m.

CVE-2023-34432

2023-07-1021:15:10

CWE-122

CWE-787

[email protected]

web.nvd.nist.gov

sox

buffer overflow

denial of service

code execution

information disclosure

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.2%

JSON

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

Affected configurations

NVD

Node

sound_exchange_projectsound_exchangeRange≤14.4.3

Node

fedoraprojectextra_packages_for_enterprise_linuxMatch8.0

fedoraprojectfedoraMatch38

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

References

access.redhat.com/security/cve/CVE-2023-34432

bugzilla.redhat.com/show_bug.cgi?id=2212291

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.2%

JSON

Related for NVD:CVE-2023-34432

cvelist1 debiancve1 cve1 prion1 redhatcve1 veracode1 ubuntucve1 nessus5 amazon1 openvas1