CVE-2023-49993

Опубликовано: 12 дек. 2023

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.

A flaw was found in the espeak-ng package. A local attacker can use a specially crafted payload to trigger a buffer overflow condition, which may lead to an application crash or allow for arbitrary code execution.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 8	espeak-ng	Will not fix
Red Hat Enterprise Linux 9	espeak-ng	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=2254233espeak-ng: buffer overflow in ReadClause function at readclause.c

EPSS

Процентиль: 10%

0.00037

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2023-49993

CVSS3: 5.3

ubuntu

больше 1 года назад

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.

CVE-2023-49993

CVSS3: 5.3

nvd

больше 1 года назад

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.

CVE-2023-49993

CVSS3: 5.3

msrc

около 2 месяцев назад

Описание отсутствует

CVE-2023-49993

CVSS3: 5.3

debian

больше 1 года назад

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the ...

GHSA-qh3r-8rvv-95xp

CVSS3: 7.8

github

больше 1 года назад

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.

EPSS

Процентиль: 10%

0.00037

Низкий

5.3 Medium

CVSS3