CVE-2023-53966

Summary

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute arbitrary code and crash the application.

Affected Software

VendorProductVersion RangeStatus
SOUND4 Ltd.SOUND4 LinkAndShare Transmitter1.1.2affected

Weaknesses

  • CWE-134: Use of Externally-Controlled Format String

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References