CVE-2023-53966
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute arbitrary code and crash the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SOUND4 Ltd. | SOUND4 LinkAndShare Transmitter | 1.1.2 | affected |
Weaknesses
- CWE-134: Use of Externally-Controlled Format String
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
Additional References
References
- https://www.exploit-db.com/exploits/51259
- https://web.archive.org/web/20221207074555/https://www.sound4.com/
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5744.php
- https://www.vulncheck.com/advisories/sound-linkandshare-transmitter-format-string-stack-buffer-overflow
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.