CVE-2020-23904

Опубликовано: 14 июл. 2020

Источник: redhat

CVSS3: 5.5

EPSS Низкий

Описание

A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program.

A stack-based buffer overflow flaw was found in speex within the read_samples() at src/speexenc.c function. This flaw allows a malicious user to provide a crafted wav file to the speexenc utility, and in some cases, possibly lead to arbitrary code execution. The highest threat from this vulnerability is to system availability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	speex	Out of support scope
Red Hat Enterprise Linux 7	speex	Out of support scope
Red Hat Enterprise Linux 8	speex	Will not fix
Red Hat Enterprise Linux 9	speex	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=2024253speex: stack-based buffer overflow in speexenc.c via a crafted WAV file

EPSS

Процентиль: 50%

0.00268

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-23904

CVSS3: 5.5

ubuntu

около 4 лет назад

CVE-2020-23904

CVSS3: 5.5

nvd

около 4 лет назад

CVE-2020-23904

CVSS3: 5.5

debian

около 4 лет назад

A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers t ...

GHSA-3p3f-h63v-47c5

CVSS3: 5.5

github

больше 3 лет назад

A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.

EPSS

Процентиль: 50%

0.00268

Низкий

5.5 Medium

CVSS3