Lucene search

[email protected]NVD:CVE-2024-33431

HistoryMay 01, 2024 - 7:15 p.m.

CVE-2024-33431

2024-05-0119:15:27

CWE-670

[email protected]

web.nvd.nist.gov

phiola

denial of service

vulnerability

conv.c

wav file

remote attacker

2024-33431

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

10.3%

JSON

An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file.

References

github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png

github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md

github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G

github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1

github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc

github.com/stsaz/phiola/

github.com/stsaz/phiola/issues/27

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.5

Confidence

High

EPSS

Percentile

10.3%

JSON

Related for NVD:CVE-2024-33431

cve1 cvelist1 vulnrichment1