Vulnerabilities > CVE-2023-27355 - Stack-based Buffer Overflow vulnerability in Sonos ONE Firmware, S1 and S2

CVSS 8.8 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

sonos

CWE-121

NVD

Published: 2023-04-20

Updated: 2023-05-04

Summary

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPEG-TS parser. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19773.

Vulnerable Configurations

Part	Description	Count
OS	Sonos Sonos ONE Firmware 70.3-35220	1
Hardware	Sonos Sonos ONE -	1
Application	Sonos Sonos S1 - Sonos S1 11.2.13 Sonos S2 - Sonos S2 3.4.1	4

Common Weakness Enumeration (CWE)

CWE-121 - Stack-based Buffer Overflow

References

https://www.zerodayinitiative.com/advisories/ZDI-23-449/

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References