{"containers": {"cna": {"affected": [{"product": "SoX (Sound eXchange)", "vendor": "n/a", "versions": [{"status": "affected", "version": "Not Known"}]}], "descriptions": [{"lang": "en", "value": "A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-369", "description": "CWE-369 - Divide By Zero", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-25T19:34:38", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975664"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2021-33844"}, {"tags": ["x_refsource_MISC"], "url": "https://sourceforge.net/p/sox/bugs/349/"}, {"tags": ["x_refsource_MISC"], "url": "https://security.archlinux.org/CVE-2021-33844"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:58:23.170Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975664"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2021-33844"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sourceforge.net/p/sox/bugs/349/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.archlinux.org/CVE-2021-33844"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-33844", "datePublished": "2022-08-25T19:34:38", "dateReserved": "2021-06-04T00:00:00", "dateUpdated": "2024-08-03T23:58:23.170Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sox_project:sox:14.4.2-7:*:*:*:*:*:*:*", "matchCriteriaId": "D568262D-27C8-459D-8901-95F057CCB7F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash."}, {"lang": "es", "value": "Se ha detectado un problema de excepci\u00f3n de punto flotante (divisi\u00f3n por cero) en SoX en la funci\u00f3n startread() del archivo wav.c. Un atacante con un archivo wav dise\u00f1ado, podr\u00eda causar un bloqueo en la aplicaci\u00f3n."}], "id": "CVE-2021-33844", "lastModified": "2024-11-21T06:09:40.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-25T20:15:09.087", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-33844"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975664"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.archlinux.org/CVE-2021-33844"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sourceforge.net/p/sox/bugs/349/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2021-33844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975664"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.archlinux.org/CVE-2021-33844"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sourceforge.net/p/sox/bugs/349/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-369"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-369"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"bugzilla": {"description": "SoX: divide by zero crash in wav.c", "id": "1975664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975664"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-369", "details": ["A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash."], "name": "CVE-2021-33844", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "sox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "sox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:1", "fix_state": "Affected", "package_name": "sox", "product_name": "Red Hat Enterprise Linux AI (RHEL AI)"}], "public_date": "2021-04-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-33844\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33844"], "threat_severity": "Low"}