Integer overflow in One Speaker - CVE-2023-27354

 


Published: April 17, 2023 / Updated: April 24, 2023


Vulnerability identifier: #VU75160
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2023-27354
CWE-ID: CWE-190
Exploitation vector: Adjacent network
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software: One Speaker
Software vendor: Sonos

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to an integer overflow in the processing of the SMB directory query command. A remote attacker on the local network can pass specially crafted data to the application, trigger the integer overflow and disclose sensitive information on the target system.


Remediation

Install updates from the vendor's website.
