{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47600", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-27T20:37:22.118Z", "datePublished": "2024-12-11T19:03:13.938Z", "dateUpdated": "2024-12-12T14:27:55.278Z"}, "containers": {"cna": {"title": "GHSL-2024-248: GStreamer has an OOB-read in format_channel_mask", "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/", "tags": ["x_refsource_CONFIRM"], "url": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/"}, {"name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch", "tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch"}, {"name": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html", "tags": ["x_refsource_MISC"], "url": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html"}], "affected": [{"vendor": "gstreamer", "product": "gstreamer", "versions": [{"version": "< 1.24.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-11T19:03:13.938Z"}, "descriptions": [{"lang": "en", "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10."}], "source": {"advisory": "GHSA-fg6q-9rhh-fmh7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-12T14:27:40.940103Z", "id": "CVE-2024-47600", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T14:27:55.278Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47600", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-12T14:27:40.940103Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-12T14:27:49.698Z"}}], "cna": {"title": "GHSL-2024-248: GStreamer has an OOB-read in format_channel_mask", "source": {"advisory": "GHSA-fg6q-9rhh-fmh7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "gstreamer", "product": "gstreamer", "versions": [{"status": "affected", "version": "< 1.24.10"}]}], "references": [{"url": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/", "name": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch", "name": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch", "tags": ["x_refsource_MISC"]}, {"url": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html", "name": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-12-11T19:03:13.938Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47600", "state": "PUBLISHED", "dateUpdated": "2024-12-12T14:27:55.278Z", "dateReserved": "2024-09-27T20:37:22.118Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-12-11T19:03:13.938Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:*", "matchCriteriaId": "82BF8403-8CE2-4AFC-865F-FD40A77D20E0", "versionEndExcluding": "1.24.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10."}, {"lang": "es", "value": "GStreamer es una librer\u00eda para construir gr\u00e1ficos de componentes de manejo de medios. Se ha detectado una vulnerabilidad de lectura OOB en la funci\u00f3n format_channel_mask en gst-discoverer.c. La vulnerabilidad afecta a la posici\u00f3n de la matriz local, que se define con un tama\u00f1o fijo de 64 elementos. Sin embargo, la funci\u00f3n gst_discoverer_audio_info_get_channels puede devolver un valor de canales guint mayor que 64. Esto hace que el bucle for intente acceder m\u00e1s all\u00e1 de los l\u00edmites de la matriz de posici\u00f3n, lo que da como resultado una lectura OOB cuando se utiliza un \u00edndice mayor que 63. Esta vulnerabilidad puede dar como resultado la lectura de bytes no deseados de la pila. Adem\u00e1s, la desreferencia de value-&gt;value_nick despu\u00e9s de la lectura OOB puede provocar una mayor corrupci\u00f3n de la memoria o un comportamiento indefinido. Esta vulnerabilidad se corrigi\u00f3 en 1.24.10."}], "id": "CVE-2024-47600", "lastModified": "2024-12-18T21:43:04.660", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "LOW"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-12-12T02:03:31.577", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://gstreamer.freedesktop.org/security/sa-2024-0018.html"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "gstreamer1-plugins-base: GStreamer has an OOB-read in format_channel_mask", "id": "2331738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331738"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "status": "draft"}, "cwe": "CWE-125", "details": ["GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10.", "A flaw was found in the GStreamer library. An out-of-bounds read in the gst-discoverer-1.0 command line tool can cause crashes for certain input files, potentially allowing a malicious third party to trigger an application crash. This issue only affects the gst-discoverer-1.0 command line tool and not any other applications using GStreamer."], "name": "CVE-2024-47600", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "gstreamer1-plugins-base", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "gstreamer1-plugins-base", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "gstreamer1-plugins-base", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-11T19:03:13Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47600\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47600\nhttps://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8034.patch\nhttps://gstreamer.freedesktop.org/security/sa-2024-0018.html\nhttps://securitylab.github.com/advisories/GHSL-2024-248_Gstreamer/"], "threat_severity": "Moderate"}