cvrf2cusa/cvrf/2023/cvrf-openEuler-SA-2023-1931.xml

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for sox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2023-1931</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2023-12-15</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2023-12-15</InitialReleaseDate>
<CurrentReleaseDate>2023-12-15</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2023-12-15</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">sox security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for sox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">SoX is a cross-platform (Windows, Linux, MacOS X, etc.) command line utility that can convert various formats of computer audio files into other formats. It can also apply various effects to these sound files, and, as an added bonus, SoX can play and record audio files on most platforms.
Security Fix(es):
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.(CVE-2021-23159)
A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcom file that could cause an application to crash.(CVE-2021-23172)
A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of voc.c file. An attacker with a crafted file could cause an application to crash.(CVE-2021-23210)
A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file. An attacker with a crafted wav file could cause an application to crash.(CVE-2021-33844)
A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.(CVE-2023-26590)
A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.(CVE-2023-32627)
A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.(CVE-2023-34318)
A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.(CVE-2023-34432)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for sox is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">High</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">sox</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1931</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23159</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23172</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-23210</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-33844</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-26590</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-32627</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-34318</URL>
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-34432</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-23159</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-23172</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-23210</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2021-33844</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-26590</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-32627</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-34318</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2023-34432</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<!-- Product tree: one "Product Name" branch listing the five openEuler releases, followed by one "Package Arch" branch per architecture (aarch64, noarch, src, x86_64) listing the sox RPMs shipped by this update. -->
<!-- NOTE(review): ProductID values are not unique in this tree. For example "sox-14.4.2.0-29" is reused for every release under aarch64, src and x86_64, so a ProductID alone does not identify one package. CVRF expects ProductID to be unique within a document, so a strict validator may reject this file (confirm against the schema in use). Consumers should key on the RPM file name in the element text together with the CPE attribute. -->
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">openEuler-20.03-LTS-SP3</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">openEuler-22.03-LTS</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">openEuler-22.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP2" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">openEuler-22.03-LTS-SP2</FullProductName>
</Branch>
<!-- NOTE(review): on the package entries below, the CPE attribute carries the CPE of the openEuler release the RPM belongs to, not a CPE for the sox package. The 20.03-LTS-SP1 and 20.03-LTS-SP3 entries list identical ".oe1" file names, so the CPE is the only thing that tells those entries apart. -->
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="sox-debugsource-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sox-debugsource-14.4.2.0-29.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-debuginfo-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sox-debuginfo-14.4.2.0-29.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-devel-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sox-devel-14.4.2.0-29.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sox-14.4.2.0-29.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-debugsource-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sox-debugsource-14.4.2.0-29.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-devel-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sox-devel-14.4.2.0-29.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-debuginfo-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sox-debuginfo-14.4.2.0-29.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sox-14.4.2.0-29.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-devel-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">sox-devel-14.4.2.0-29.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">sox-14.4.2.0-29.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-debugsource-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">sox-debugsource-14.4.2.0-29.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-debuginfo-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">sox-debuginfo-14.4.2.0-29.oe2203.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-debuginfo-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">sox-debuginfo-14.4.2.0-29.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">sox-14.4.2.0-29.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-debugsource-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">sox-debugsource-14.4.2.0-29.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-devel-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">sox-devel-14.4.2.0-29.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-debuginfo-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">sox-debuginfo-14.4.2.0-29.oe2203sp2.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">sox-14.4.2.0-29.oe2203sp2.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-devel-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">sox-devel-14.4.2.0-29.oe2203sp2.aarch64.rpm</FullProductName>
<FullProductName ProductID="sox-debugsource-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">sox-debugsource-14.4.2.0-29.oe2203sp2.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="sox-help-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sox-help-14.4.2.0-29.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="sox-help-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sox-help-14.4.2.0-29.oe1.noarch.rpm</FullProductName>
<FullProductName ProductID="sox-help-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">sox-help-14.4.2.0-29.oe2203.noarch.rpm</FullProductName>
<FullProductName ProductID="sox-help-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">sox-help-14.4.2.0-29.oe2203sp1.noarch.rpm</FullProductName>
<FullProductName ProductID="sox-help-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">sox-help-14.4.2.0-29.oe2203sp2.noarch.rpm</FullProductName>
</Branch>
<!-- Source RPMs. Their ProductID ("sox-14.4.2.0-29") is the same string used for the binary sox RPMs in the aarch64 and x86_64 branches. -->
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sox-14.4.2.0-29.oe1.src.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sox-14.4.2.0-29.oe1.src.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">sox-14.4.2.0-29.oe2203.src.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">sox-14.4.2.0-29.oe2203sp1.src.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">sox-14.4.2.0-29.oe2203sp2.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="sox-debuginfo-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sox-debuginfo-14.4.2.0-29.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-devel-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sox-devel-14.4.2.0-29.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sox-14.4.2.0-29.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-debugsource-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">sox-debugsource-14.4.2.0-29.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-debugsource-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sox-debugsource-14.4.2.0-29.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-debuginfo-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sox-debuginfo-14.4.2.0-29.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-devel-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sox-devel-14.4.2.0-29.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP3">sox-14.4.2.0-29.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-devel-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">sox-devel-14.4.2.0-29.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">sox-14.4.2.0-29.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-debugsource-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">sox-debugsource-14.4.2.0-29.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-debuginfo-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS">sox-debuginfo-14.4.2.0-29.oe2203.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-debugsource-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">sox-debugsource-14.4.2.0-29.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-devel-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">sox-devel-14.4.2.0-29.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-debuginfo-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">sox-debuginfo-14.4.2.0-29.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">sox-14.4.2.0-29.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-devel-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">sox-devel-14.4.2.0-29.oe2203sp2.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-debugsource-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">sox-debugsource-14.4.2.0-29.oe2203sp2.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">sox-14.4.2.0-29.oe2203sp2.x86_64.rpm</FullProductName>
<FullProductName ProductID="sox-debuginfo-14.4.2.0-29" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP2">sox-debuginfo-14.4.2.0-29.oe2203sp2.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<!-- Per-CVE record for CVE-2021-23159: description, affected releases, impact rating, CVSS score and the vendor fix reference. -->
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.</Note>
</Notes>
<ReleaseDate>2023-12-15</ReleaseDate>
<CVE>CVE-2021-23159</CVE>
<ProductStatuses>
<!-- NOTE(review): the "Fixed" status lists the release-level ProductIDs only. The fixed sox build (14.4.2.0-29) has to be read from the package entries in the ProductTree; nothing in this element links to them. -->
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-22.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<!-- NOTE(review): the vector uses CVSS v3.x metric names (PR, UI, S) but carries no "CVSS:3.x/" prefix, so the CVSS version is not stated in the document. Parsers must not treat it as a CVSS v2 vector. -->
<!-- Reading of the vector: local attack vector, no privileges required, user interaction required, availability impact only. -->
<ScoreSet>
<BaseScore>5.5</BaseScore>
<Vector>AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>sox security update</Description>
<!-- NOTE(review): an upper-case DATE child element is not one I recognise from the CVRF 1.1 vuln schema; strict schema validation may reject it. Confirm against the schema in use. -->
<DATE>2023-12-15</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1931</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcom file that could cause an application to crash.</Note>
</Notes>
<ReleaseDate>2023-12-15</ReleaseDate>
<CVE>CVE-2021-23172</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-22.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.5</BaseScore>
<Vector>AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>sox security update</Description>
<DATE>2023-12-15</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1931</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of voc.c file. An attacker with a crafted file could cause an application to crash.</Note>
</Notes>
<ReleaseDate>2023-12-15</ReleaseDate>
<CVE>CVE-2021-23210</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-22.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.5</BaseScore>
<Vector>AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>sox security update</Description>
<DATE>2023-12-15</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1931</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file. An attacker with a crafted wav file could cause an application to crash.</Note>
</Notes>
<ReleaseDate>2023-12-15</ReleaseDate>
<CVE>CVE-2021-33844</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-22.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.5</BaseScore>
<Vector>AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>sox security update</Description>
<DATE>2023-12-15</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1931</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="5" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.</Note>
</Notes>
<ReleaseDate>2023-12-15</ReleaseDate>
<CVE>CVE-2023-26590</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-22.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.5</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>sox security update</Description>
<DATE>2023-12-15</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1931</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="6" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="6" xml:lang="en">A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service.</Note>
</Notes>
<ReleaseDate>2023-12-15</ReleaseDate>
<CVE>CVE-2023-32627</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-22.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.5</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>sox security update</Description>
<DATE>2023-12-15</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1931</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="7" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<!-- Per-CVE record for CVE-2023-34318. It is one of the two entries in this advisory rated High; the other six are rated Medium. -->
<!-- NOTE(review): this entry names the same function and file (startread in hcom.c) as the CVE-2021-23172 entry, which is rated Medium with availability impact only. Whether the two share a root cause cannot be told from this document; for patch prioritisation treat hcom parsing at the higher rating. -->
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="7" xml:lang="en">A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.</Note>
</Notes>
<ReleaseDate>2023-12-15</ReleaseDate>
<CVE>CVE-2023-34318</CVE>
<ProductStatuses>
<!-- NOTE(review): only release-level ProductIDs are listed as fixed; the fixed sox package build has to be read from the ProductTree. -->
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-22.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<!-- NOTE(review): CVSS v3.x metric names with no "CVSS:3.x/" prefix, so the CVSS version is not stated in the document. -->
<!-- Reading of the vector: local attack vector, low privileges required, no user interaction, high impact on confidentiality, integrity and availability. -->
<ScoreSet>
<BaseScore>7.8</BaseScore>
<Vector>AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>sox security update</Description>
<!-- NOTE(review): an upper-case DATE child element is not one I recognise from the CVRF 1.1 vuln schema; confirm against the schema in use before validating strictly. -->
<DATE>2023-12-15</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1931</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="8" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<!-- Per-CVE record for CVE-2023-34432, rated High. -->
<!-- NOTE(review): this entry points at the same source file (formats_i.c) as the CVE-2021-23159 entry, which is rated Medium with availability impact only. Whether the two share a root cause cannot be told from this document; when triaging, use the higher rating for the sox update as a whole, as the advisory's overall Severity note does. -->
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="8" xml:lang="en">A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.</Note>
</Notes>
<ReleaseDate>2023-12-15</ReleaseDate>
<CVE>CVE-2023-34432</CVE>
<ProductStatuses>
<!-- NOTE(review): only release-level ProductIDs are listed as fixed; the fixed sox package build has to be read from the ProductTree. -->
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
<ProductID>openEuler-20.03-LTS-SP3</ProductID>
<ProductID>openEuler-22.03-LTS</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-22.03-LTS-SP2</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<!-- NOTE(review): CVSS v3.x metric names with no "CVSS:3.x/" prefix, so the CVSS version is not stated in the document. -->
<!-- Reading of the vector: local attack vector, no privileges required, user interaction required, high impact on confidentiality, integrity and availability. -->
<ScoreSet>
<BaseScore>7.8</BaseScore>
<Vector>AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>sox security update</Description>
<!-- NOTE(review): an upper-case DATE child element is not one I recognise from the CVRF 1.1 vuln schema; confirm against the schema in use before validating strictly. -->
<DATE>2023-12-15</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1931</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>