Lucene search

GoogleOSV:GHSA-3X58-8QMV-WQW5

HistoryMay 13, 2022 - 1:49 a.m.

Aubio is vulnerable to out of bound read when samplerate > 50kHz

2022-05-1301:49:58

Google

osv.dev

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.7%

JSON

An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c when the samplerate of the input file is larger than 50kHz.

CPENameOperatorVersion
aubioeq0.4.3
aubioeq0.4.4
aubioeq0.4.3a2
aubioeq0.4.5
aubioeq0.4.3a1
aubioeq0.4.3.post1
aubioeq0.4.6

Name	Operator	Version
aubio	eq	0.4.3
aubio	eq	0.4.4
aubio	eq	0.4.3a2
aubio	eq	0.4.5
aubio	eq	0.4.3a1
aubio	eq	0.4.3.post1
aubio	eq	0.4.6

References

lists.opensuse.org/opensuse-security-announce/2019-03/msg00031.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00071.html

github.com/aubio/aubio

github.com/aubio/aubio/commit/af4f9e6a93b629fb6defa2a229ec828885b9d187

github.com/aubio/aubio/issues/189

nvd.nist.gov/vuln/detail/CVE-2018-14523

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.7%

JSON

Related for OSV:GHSA-3X58-8QMV-WQW5