Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-34432

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

Heap-buffer-overflow in src/formats_i.c

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.

References

https://access.redhat.com/security/cve/CVE-2023-34432 x_refsource_REDHAT vdb-entry
RHBZ#2212291 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-34432 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2212291 issue-tracking x_refsource_REDHAT x_transferred
https://access.redhat.com/security/cve/CVE-2023-34432 x_refsource_REDHAT vdb-entry
RHBZ#2212291 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-34432 x_refsource_REDHAT vdb-entry x_transferred
RHBZ#2212291 issue-tracking x_refsource_REDHAT x_transferred

Affected products

sox

Matching in nixpkgs

pkgs.sox

Sample Rate Converter for audio

nixos-unstable -
- nixpkgs-unstable 2021-05-09

pkgs.soxr

Audio resampling library

nixos-unstable -
- nixpkgs-unstable 0.1.3

pkgs.soxt

GUI binding for using Open Inventor with Xt/Motif

nixos-unstable -
- nixpkgs-unstable 2019-06-14

pkgs.haskellPackages.sox

Play, write, read, convert audio signals using Sox

nixos-unstable -
- nixpkgs-unstable 0.2.3.2

pkgs.haskellPackages.soxlib

Write, read, convert audio signals using libsox

nixos-unstable -
- nixpkgs-unstable 0.0.3.2

pkgs.python312Packages.soxr

High quality, one-dimensional sample-rate conversion library

nixos-unstable -
- nixpkgs-unstable 1.0.0

pkgs.python313Packages.soxr