exploitDog

CVE-2023-49994

Published: 12 Dec 2023
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.

A flaw was found in the espeak-ng package. A local attacker can use a specially crafted payload to trigger a floating point exception error, which may lead to a denial of service.

Report

The Floating Point Exception discovered in espeak-ng within the PeaksToHarmspect function in wavegen.c is assessed as a low severity issue due to its limited impact and mitigating factors. Primarily, the occurrence of Floating Point Exceptions typically arises from non-standard floating-point operations, often involving division by zero or invalid arithmetic operations. However, these exceptions commonly trigger robust error handling mechanisms inherent in modern operating systems and programming environments, preventing program crashes or security vulnerabilities. Furthermore, the specific context of the issue within the PeaksToHarmspect function suggests its occurrence within a particular computational routine for generating waveforms, likely constrained to specific usage scenarios and input conditions. Consequently, its impact is localized and may not manifest in typical usage scenarios or pose significant risks to system stability or security.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 8 | espeak-ng | Fix deferred | | |
| Red Hat Enterprise Linux 9 | espeak-ng | Fix deferred | | |


Additional information

Status: Low
Defect: CWE-1077
https://bugzilla.redhat.com/show_bug.cgi?id=2254235 espeak-ng: floating point exception in PeaksToHarmspect at wavegen.c

EPSS

Percentile: 14%
0.00046
Low

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 1 year ago

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.

CVSS3: 5.5
nvd
more than 1 year ago

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.

CVSS3: 5.5
msrc
about 2 months ago

No description available

CVSS3: 5.5
debian
more than 1 year ago

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exceptio ...

CVSS3: 5.5
github
more than 1 year ago

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.
