Lucene search
K

9 matches found

CVE
CVE
added 2022/02/18 7:51 p.m.106 views

CVE-2022-24049

CVE-2022-24049 affects Sonos One Speaker (S1/S2). The root cause is a stack-based buffer overflow in the ALAC audio codec due to insufficient validation of the length of user-supplied data before copying. This allows remote code execution with root privileges on affected installations. Affected v...

10CVSS9.7AI score0.07212EPSS
CVE
CVE
added 2022/02/18 7:51 p.m.101 views

CVE-2022-24046

Summary: CVE-2022-24046 affects Sonos One Speaker (S2 apps before 3.4.1; S1 apps before 11.2.13 build 57923290). The flaw is in the anacapd daemon and stems from improper validation of user-supplied data, causing an integer underflow and allowing code execution with root privileges. The vulnerabi...

9.8CVSS8.9AI score0.04085EPSS
CVE
CVE
added 2023/04/20 12:0 a.m.68 views

CVE-2023-27355

CVE-2023-27355 affects Sonos One Speaker 70.3-35220. The vulnerability lies in the MPEG-TS parser where the length of user-supplied data isn’t properly validated before copying to a fixed-length stack buffer, enabling network-adjacent attackers to execute code with root privileges (unrestricted, ...

8.8CVSS8.8AI score0.00814EPSS
CVE
CVE
added 2025/04/23 4:44 p.m.60 views

CVE-2025-1048

CVE-2025-1048 pertains to Sonos Era 300 speakers, where the/libsmb2 Use-After-Free vulnerability allows network-adjacent attackers to execute arbitrary code without authentication. The flaw arises in SMB data processing due to not validating the existence of an object before operations, enabling ...

8.8CVSS9.1AI score0.00498EPSS
CVE
CVE
added 2025/04/23 4:44 p.m.57 views

CVE-2025-1049

CVE-2025-1049 affects Sonos Era 300 speakers. A heap-based buffer overflow in ID3 data processing allows network-adjacent attackers (no authentication) to execute code in the context of the anacapa user. Root cause: insufficient validation of user-supplied data length before heap copy. Public det...

8.8CVSS9.1AI score0.0035EPSS
CVE
CVE
added 2023/04/20 12:0 a.m.51 views

CVE-2023-27353

CVE-2023-27353 affects Sonos One Speaker 70.3-35220. The flaw resides in the msprox endpoint, where improper validation of user-supplied data causes a read past the end of an allocated buffer. This can enable network-adjacent attackers to disclose sensitive information and, in combination with ot...

6.5CVSS5.8AI score0.0063EPSS
CVE
CVE
added 2025/04/23 4:44 p.m.51 views

CVE-2025-1050

CVE-2025-1050 describes a remote code execution via an out-of-bounds write in the Sonos Era 300 when processing HLS playlist data. The flaw arises from improper validation of user-supplied data, allowing a network-adjacent attacker (no authentication required) to write past the end of an allocate...

8.8CVSS7.9AI score0.00352EPSS
CVE
CVE
added 2023/04/20 12:0 a.m.50 views

CVE-2023-27352

CVE-2023-27352 affects Sonos One Speaker 70.3-35220. The flaw occurs during SMB directory query processing where the system does not validate object existence before operations, enabling unauthenticated, network-adjacent code execution as root. The issue is documented as ZDI-19845. In practice, r...

8.8CVSS8.9AI score0.00783EPSS
CVE
CVE
added 2023/04/20 12:0 a.m.45 views

CVE-2023-27354

CVE-2023-27354 affects Sonos One Speaker 70.3-35220. The flaw is in SMB directory query processing and results from improper validation of user-supplied data, causing an integer overflow that can enable arbitrary code execution as root. Exploitation details are not fully provided in the supplied ...

6.5CVSS6.1AI score0.0063EPSS