Vulnerabilities > CVE-2023-34432 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

sound-exchange-project

redhat

fedoraproject

CWE-787

NVD

Published: 2023-07-10

Updated: 2023-11-07

Summary

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

Vulnerable Configurations

Part	Description	Count
Application	Sound_Exchange_Project Sound Exchange Project Sound Exchange 12.16 Sound Exchange Project Sound Exchange 12.17 Sound Exchange Project Sound Exchange 12.17.1 Sound Exchange Project Sound Exchange 12.17.2 Sound Exchange Project Sound Exchange 12.17.3 Sound Exchange Project Sound Exchange 12.17.4 Sound Exchange Project Sound Exchange 12.17.5 Sound Exchange Project Sound Exchange 12.17.6 Sound Exchange Project Sound Exchange 12.17.7 Sound Exchange Project Sound Exchange 12.17.8 Sound Exchange Project Sound Exchange 12.17.9 Sound Exchange Project Sound Exchange 12.18.1 Sound Exchange Project Sound Exchange 12.18.2 Sound Exchange Project Sound Exchange 13.0.0 Sound Exchange Project Sound Exchange 14.0.0 Sound Exchange Project Sound Exchange 14.0.1 Sound Exchange Project Sound Exchange 14.1.0 Sound Exchange Project Sound Exchange 14.2.0 Sound Exchange Project Sound Exchange 14.3.0 Sound Exchange Project Sound Exchange 14.3.1 Sound Exchange Project Sound Exchange 14.3.2 Sound Exchange Project Sound Exchange 14.4.0 Sound Exchange Project Sound Exchange 14.4.1 Sound Exchange Project Sound Exchange 14.4.2 Sound Exchange Project Sound Exchange 14.4.3	25
Application	Fedoraproject Fedoraproject Extra Packages FOR Enterprise Linux 8.0	1
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 6.0	2
OS	Fedoraproject Fedoraproject Fedora 38	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References