openSUSE 15 Security Update : sox (openSUSE-SU-2023:0328-1)

critical Nessus Plugin ID 183954

Language:

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0328-1 advisory.

- An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. (CVE-2019-13590)

- A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. (CVE-2021-23159)

- A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash. (CVE-2021-33844)

- A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer- overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. (CVE-2021-3643)

- A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-40426)

- In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
(CVE-2022-31650)

- In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. (CVE-2022-31651)

- A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. (CVE-2023-32627)

- A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41.
This flaw can lead to a denial of service, code execution, or information disclosure. (CVE-2023-34318)

- A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. (CVE-2023-34432)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected libsox3, sox and / or sox-devel packages.

Plugin Details

Severity: Critical

ID: 183954

File Name: openSUSE-2023-0328-1.nasl

Version: 1.0

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 10/27/2023

Updated: 10/27/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-40426

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-3643

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libsox3, p-cpe:/a:novell:opensuse:sox, p-cpe:/a:novell:opensuse:sox-devel, cpe:/o:novell:opensuse:15.4

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/26/2023

Vulnerability Publication Date: 7/14/2019

Reference Information

CVE: CVE-2019-13590, CVE-2021-23159, CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, CVE-2022-31651, CVE-2023-32627, CVE-2023-34318, CVE-2023-34432

Detections

Analytics