Unrated severityNVD Advisory· Published Jul 10, 2023· Updated Oct 1, 2024

Heap-buffer-overflow in src/formats_i.c

CVE-2023-34432

Description

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

Affected products

Red Hat/Enterprise Linuxcpe-rescue2 versions
cpe:/o:redhat:enterprise_linux:6+ 1 more
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
osv-coords4 versions
pkg:rpm/opensuse/sox&distro=openSUSE%20Leap%2015.4 pkg:rpm/opensuse/sox&distro=openSUSE%20Leap%2015.5 pkg:rpm/suse/sox&distro=SUSE%20Package%20Hub%2015%20SP4 pkg:rpm/suse/sox&distro=SUSE%20Package%20Hub%2015%20SP5
< 14.4.2-bp154.2.3.1+ 3 more
- (no CPE)range: < 14.4.2-bp154.2.3.1
- (no CPE)range: < 14.4.2-bp155.3.3.1
- (no CPE)range: < 14.4.2-bp154.2.3.1
- (no CPE)range: < 14.4.2-bp155.3.3.1
Fedora/Extra Packages for Enterprise Linuxv5
Fedora/Fedorav5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2023-34432mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000