Main Vulnerability Database Vulnerabilities #VU60561

Integer underflow in One Speaker - CVE-2022-24046

Published: February 14, 2022

Vulnerability identifier: #VU60561

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-24046

CWE-ID: CWE-191

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Sonos

Affected software:
One Speaker

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow within the anacapd daemon. A remote attacker can send a specially crafted request to the affected application, trigger integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2022-24046

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://www.zerodayinitiative.com/advisories/ZDI-22-260/

Integer underflow in One Speaker - CVE-2022-24046

Detailed vulnerability description

How to mitigate CVE-2022-24046

Sources

Please verify you're human