openSUSE 15 Security Update : sox (openSUSE-SU-2023:0329-1)

critical Nessus Plugin ID 183956

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0329-1 advisory.

- An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. (CVE-2019-13590)

- A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file that could cause an application to crash. (CVE-2021-23159)

- A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file. An attacker with a crafted wav file could cause an application to crash. (CVE-2021-33844)

- A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. (CVE-2021-3643)

- A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. (CVE-2021-40426)

- In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. (CVE-2022-31650)

- In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. (CVE-2022-31651)

- A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. (CVE-2023-32627)

- A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure. (CVE-2023-34318)

- A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. (CVE-2023-34432)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected libsox3, sox and / or sox-devel packages.

See Also

https://bugzilla.suse.com/1212060

https://bugzilla.suse.com/1212061

https://bugzilla.suse.com/1212062

https://bugzilla.suse.com/1212063

http://www.nessus.org/u?6ce9c84e

https://www.suse.com/security/cve/CVE-2019-13590

https://www.suse.com/security/cve/CVE-2021-23159

https://www.suse.com/security/cve/CVE-2021-33844

https://www.suse.com/security/cve/CVE-2021-3643

https://www.suse.com/security/cve/CVE-2021-40426

https://www.suse.com/security/cve/CVE-2022-31650

https://www.suse.com/security/cve/CVE-2022-31651

https://www.suse.com/security/cve/CVE-2023-32627

https://www.suse.com/security/cve/CVE-2023-34318

https://www.suse.com/security/cve/CVE-2023-34432

Plugin Details

Severity: Critical

ID: 183956

File Name: openSUSE-2023-0329-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 10/27/2023

Updated: 10/27/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-40426

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-3643

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libsox3, p-cpe:/a:novell:opensuse:sox, p-cpe:/a:novell:opensuse:sox-devel, cpe:/o:novell:opensuse:15.5

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/26/2023

Vulnerability Publication Date: 7/14/2019

Reference Information

CVE: CVE-2019-13590, CVE-2021-23159, CVE-2021-33844, CVE-2021-3643, CVE-2021-40426, CVE-2022-31650, CVE-2022-31651, CVE-2023-32627, CVE-2023-34318, CVE-2023-34432