Bug 2212283 (CVE-2023-34318)

Summary: CVE-2023-34318 sox: heap-buffer-overflow in src/hcom.c
Product: [Other] Security Response
Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: anujrajgiri, carlseoservices, jkucera, lirehoc685, loweaddison35, redesaf626, turkpasscenter
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text: A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2023-06-05 12:56:20 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2212285, 2212284
Bug Blocks: 2203208

Description Dhananjay Arunesh 2023-06-05 07:58:34 UTC
A vulnerability was found in sox v14.4.3: a heap-buffer-overflow vulnerability that exists in the startread function at sox/src/hcom.c:160:41. This vulnerability could lead to security issues such as denial of service, code execution, or information disclosure.

References:
https://sourceforge.net/p/sox/bugs/368/

Comment 1 Dhananjay Arunesh 2023-06-05 07:58:59 UTC
Created sox tracking bugs for this issue:

Affects: epel-all [bug 2212285]
Affects: fedora-all [bug 2212284]

Comment 2 Bruce Horne 2024-01-18 07:58:07 UTC
I've observed that systemd is used in userspace by one of the tools we use that says it supports Red Hat. Which viewpoint does the government espouse?

Systemd user service error: https://help.tableau.com/current/server-linux/en-us.htm https://geometrydashworld.net The systemd user service is utilized, although not as often as the normal systemd process manager. Red Hat deactivated the systemd user service in RHEL 7 (and so all RHEL-derived distributions, such as CentOS, Oracle Linux 7, and Amazon Linux 2). Nonetheless, RedHat has told Tableau that utilizing the systemd user service is OK as long as the service is reactivated."



View my critique of their method at https://access.redhat.com/solutions/3461241

Comment 3 Bob Smith 2024-02-01 08:57:38 UTC
(In reply to Bruce Horne from comment #2)
> I've observed that systemd is used in userspace by one of the tools we use
> that says it supports Red Hat. Which viewpoint does the government espouse?
> 
> Systemd user service error:
> https://help.tableau.com/current/server-linux/en-us.htm https://fethiyetours.com The systemd user service is utilized, although
> not as often as the normal systemd process manager. Red Hat deactivated the
> systemd user service in RHEL 7 (and so all RHEL-derived distributions, such
> as CentOS, Oracle Linux 7, and Amazon Linux 2). Nonetheless, RedHat has told
> Tableau that utilizing the systemd user service is OK as long as the service
> is reactivated."
> 
> 
> 
> View my critique of their method at
> https://access.redhat.com/solutions/3461241

Thanks for information

Comment 4 continuetable 2024-04-19 02:44:33 UTC
A heap buffer overflow means that data is written outside the bounds of dynamically allocated memory (on the heap) due to insufficient boundary checks.
https://access.redhat.com/solutions/3461241/ https://dino-game.co

