9 matches found
CVE-2022-24049
CVE-2022-24049 affects Sonos One Speaker (S1/S2). The root cause is a stack-based buffer overflow in the ALAC audio codec due to insufficient validation of the length of user-supplied data before copying. This allows remote code execution with root privileges on affected installations. Affected v...
CVE-2022-24046
Summary: CVE-2022-24046 affects Sonos One Speaker (S2 apps before 3.4.1; S1 apps before 11.2.13 build 57923290). The flaw is in the anacapd daemon and stems from improper validation of user-supplied data, causing an integer underflow and allowing code execution with root privileges. The vulnerabi...
CVE-2023-27355
CVE-2023-27355 affects Sonos One Speaker 70.3-35220. The vulnerability lies in the MPEG-TS parser where the length of user-supplied data isn’t properly validated before copying to a fixed-length stack buffer, enabling network-adjacent attackers to execute code with root privileges (unrestricted, ...
CVE-2025-1048
CVE-2025-1048 pertains to Sonos Era 300 speakers, where the/libsmb2 Use-After-Free vulnerability allows network-adjacent attackers to execute arbitrary code without authentication. The flaw arises in SMB data processing due to not validating the existence of an object before operations, enabling ...
CVE-2025-1049
CVE-2025-1049 affects Sonos Era 300 speakers. A heap-based buffer overflow in ID3 data processing allows network-adjacent attackers (no authentication) to execute code in the context of the anacapa user. Root cause: insufficient validation of user-supplied data length before heap copy. Public det...
CVE-2023-27353
CVE-2023-27353 affects Sonos One Speaker 70.3-35220. The flaw resides in the msprox endpoint, where improper validation of user-supplied data causes a read past the end of an allocated buffer. This can enable network-adjacent attackers to disclose sensitive information and, in combination with ot...
CVE-2025-1050
CVE-2025-1050 describes a remote code execution via an out-of-bounds write in the Sonos Era 300 when processing HLS playlist data. The flaw arises from improper validation of user-supplied data, allowing a network-adjacent attacker (no authentication required) to write past the end of an allocate...
CVE-2023-27352
CVE-2023-27352 affects Sonos One Speaker 70.3-35220. The flaw occurs during SMB directory query processing where the system does not validate object existence before operations, enabling unauthenticated, network-adjacent code execution as root. The issue is documented as ZDI-19845. In practice, r...
CVE-2023-27354
CVE-2023-27354 affects Sonos One Speaker 70.3-35220. The flaw is in SMB directory query processing and results from improper validation of user-supplied data, causing an integer overflow that can enable arbitrary code execution as root. Exploitation details are not fully provided in the supplied ...