{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-49994", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T22:09:49.640Z", "dateReserved": "2023-12-04T00:00:00", "datePublished": "2023-12-12T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-19T04:06:53.748161"}, "descriptions": [{"lang": "en", "value": "Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/espeak-ng/espeak-ng/issues/1823"}, {"name": "FEDORA-2024-5661c87b25", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/"}, {"name": "FEDORA-2024-698737a3c5", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:09:49.640Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/espeak-ng/espeak-ng/issues/1823", "tags": ["x_transferred"]}, {"name": "FEDORA-2024-5661c87b25", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/"}, {"name": "FEDORA-2024-698737a3c5", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:espeak-ng:espeak-ng:1.52:dev:*:*:*:*:*:*", "matchCriteriaId": "B073B0F6-3979-4E7D-BF6F-29C9EB1F3480", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c."}, {"lang": "es", "value": "Se descubri\u00f3 que Espeak-ng 1.52-dev contiene una excepci\u00f3n de punto flotante a trav\u00e9s de la funci\u00f3n PeaksToHarmspect en wavegen.c."}], "id": "CVE-2023-49994", "lastModified": "2024-01-19T04:15:09.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-12T14:15:07.750", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/espeak-ng/espeak-ng/issues/1823"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-697"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "espeak-ng: floating point exception in PeaksToHarmspect at wavegen.c", "id": "2254235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254235"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1077", "details": ["Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.", "A flaw was found in the espeak-ng package. A local attacker can use a specially crafted payload to trigger a floating point exception error, which may lead to a denial of service."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-49994", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "espeak-ng", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "espeak-ng", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-12-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-49994\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-49994"], "statement": "The Floating Point Exception discovered in espeak-ng within the PeaksToHarmspect function in wavegen.c is assessed as a low severity issue due to its limited impact and mitigating factors. Primarily, the occurrence of Floating Point Exceptions typically arises from non-standard floating-point operations, often involving division by zero or invalid arithmetic operations. However, these exceptions commonly trigger robust error handling mechanisms inherent in modern operating systems and programming environments, preventing program crashes or security vulnerabilities. Furthermore, the specific context of the issue within the PeaksToHarmspect function suggests its occurrence within a particular computational routine for generating waveforms, likely constrained to specific usage scenarios and input conditions. Consequently, its impact is localized and may not manifest in typical usage scenarios or pose significant risks to system stability or security.", "threat_severity": "Low"}