Vulnerability Details : CVE-2021-23172

A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.

Vulnerability category: OverflowMemory Corruption

Published 2022-08-25 20:15:09

Updated 2023-02-12 22:15:19

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-23172

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-23172

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	[email protected]
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-23172

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: [email protected] (Primary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: [email protected] (Secondary)

References for CVE-2021-23172

https://sourceforge.net/p/sox/bugs/350/

Exploit;Third Party Advisory
https://security.archlinux.org/CVE-2021-23172

Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-23172

Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1975666

Issue Tracking;Third Party Advisory

Products affected by CVE-2021-23172

Sox Project » SOX » Version: 14.4.2-7
cpe:2.3:a:sox_project:sox:14.4.2-7:*:*:*:*:*:*:*
Matching versions