Lucene search

Veracode Vulnerability DatabaseVERACODE:44679

HistoryDec 14, 2023 - 10:01 a.m.

Buffer Overflow

2023-12-1410:01:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

vulnerable

buffer overflow

readclause

readclause.c

bounds check

code execution

denial of service

software

5.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

0.0005 Low

EPSS

Percentile

17.2%

JSON

libespeak-ng.so is vulnerable to Buffer Overflow. The vulnerability is caused by the ReadClause function in readclause.c due to not having a bounds check when writing data to buffer. This allows an attacker to craft an input to trigger the overflow, potentially leads to code execution or Denial of service.

CPENameOperatorVersion
libespeak-ng.sole1.1.51
espeak-ng:sideq1.50+dfsg-7
libespeak-ng.sole1.1.51
espeak-ng:sideq1.50+dfsg-7

Name	Operator	Version
libespeak-ng.so	le	1.1.51
espeak-ng:sid	eq	1.50+dfsg-7
libespeak-ng.so	le	1.1.51
espeak-ng:sid	eq	1.50+dfsg-7

References

github.com/espeak-ng/espeak-ng/issues/1826

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/