{"containers": {"cna": {"affected": [{"product": "SoX (Sound eXchange)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Not Known"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-25T19:36:27", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975666"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2021-23172"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/sox/bugs/350/"}, {"tags": ["x_refsource_MISC"], "url": "https://security.archlinux.org/CVE-2021-23172"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:05:54.449Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975666"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2021-23172"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/sox/bugs/350/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.archlinux.org/CVE-2021-23172"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-23172", "datePublished": "2022-08-25T19:36:27", "dateReserved": "2021-06-04T00:00:00", "dateUpdated": "2024-08-03T19:05:54.449Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sox_project:sox:14.4.2-7:*:*:*:*:*:*:*", "matchCriteriaId": "D568262D-27C8-459D-8901-95F057CCB7F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en SoX, donde es producido un desbordamiento del b\u00fafer de la pila en la funci\u00f3n startread() del archivo hcom.c. La vulnerabilidad puede explotarse con un archivo hcomn dise\u00f1ado, que podr\u00eda causar el bloqueo de una aplicaci\u00f3n."}], "id": "CVE-2021-23172", "lastModified": "2023-02-12T22:15:18.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-25T20:15:08.977", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-23172"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975666"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.archlinux.org/CVE-2021-23172"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sourceforge.net/p/sox/bugs/350/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"bugzilla": {"description": "sox: heap overflow in hcom.c", "id": "1975666", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975666"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-120", "details": ["A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash."], "name": "CVE-2021-23172", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "sox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "sox", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2021-04-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-23172\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-23172"], "threat_severity": "Low"}