cve-2024-10573
Vulnerability from cvelistv5
Published
2024-10-31 18:31
Modified
2025-01-02 14:22
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:11193
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:11242
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2024-10573
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2322980
secalert@redhat.comhttps://mpg123.org/cgi-bin/news.cgi#2024-10-26
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/10/30/3
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/10/31/4
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/11/01/1
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/11/msg00025.html
Impacted products
Vendor Product Version
Version: 0   
Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:1.32.9-1.el8_10   < *
    cpe:/a:redhat:enterprise_linux:8::crb
    cpe:/a:redhat:enterprise_linux:8::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:1.32.9-1.el9_5   < *
    cpe:/a:redhat:enterprise_linux:9::crb
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-11-26T23:02:44.582Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "http://www.openwall.com/lists/oss-security/2024/10/30/3",
               },
               {
                  url: "http://www.openwall.com/lists/oss-security/2024/10/31/4",
               },
               {
                  url: "http://www.openwall.com/lists/oss-security/2024/11/01/1",
               },
               {
                  url: "https://lists.debian.org/debian-lts-announce/2024/11/msg00025.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-10573",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-31T19:37:55.533250Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-31T19:38:05.545Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://sourceforge.net/projects/mpg123/",
               defaultStatus: "unaffected",
               packageName: "mpg123",
               versions: [
                  {
                     lessThan: "1.32.8",
                     status: "affected",
                     version: "0",
                     versionType: "semver",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:enterprise_linux:8::crb",
                  "cpe:/a:redhat:enterprise_linux:8::appstream",
               ],
               defaultStatus: "affected",
               packageName: "mpg123",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.32.9-1.el8_10",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:enterprise_linux:9::crb",
                  "cpe:/a:redhat:enterprise_linux:9::appstream",
               ],
               defaultStatus: "affected",
               packageName: "mpg123",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:1.32.9-1.el9_5",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:7",
               ],
               defaultStatus: "unknown",
               packageName: "mpg123",
               product: "Red Hat Enterprise Linux 7",
               vendor: "Red Hat",
            },
         ],
         datePublic: "2024-10-30T00:00:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Moderate",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "HIGH",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.7,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-787",
                     description: "Out-of-bounds Write",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-02T14:22:11.384Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2024:11193",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:11193",
            },
            {
               name: "RHSA-2024:11242",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:11242",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-10573",
            },
            {
               name: "RHBZ#2322980",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2322980",
            },
            {
               url: "https://mpg123.org/cgi-bin/news.cgi#2024-10-26",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-10-31T17:13:17.471000+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-10-30T00:00:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Mpg123: buffer overflow when writing decoded pcm samples",
         workarounds: [
            {
               lang: "en",
               value: "This vulnerability can be mitigated by using the --no-frankenstein option to the mpg123 application.",
            },
         ],
         x_redhatCweChain: "CWE-787: Out-of-bounds Write",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-10573",
      datePublished: "2024-10-31T18:31:55.940Z",
      dateReserved: "2024-10-30T22:56:02.827Z",
      dateUpdated: "2025-01-02T14:22:11.384Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2024-10573\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-10-31T19:15:12.540\",\"lastModified\":\"2024-12-18T09:15:05.593\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.\"},{\"lang\":\"es\",\"value\":\"Se encontró un fallo de escritura fuera de los límites en mpg123 al manejar transmisiones creadas. Al decodificar PCM, libmpg123 puede escribir más allá del final de un búfer ubicado en el almacenamiento dinámico. En consecuencia, puede ocurrir una corrupción del almacenamiento dinámico y no se descarta la ejecución de código arbitrario. La complejidad requerida para explotar este fallo se considera alta ya que el payload debe ser validado por el decodificador MPEG y el sintetizador PCM antes de la ejecución. Además, para ejecutar el ataque con éxito, el usuario debe escanear la transmisión, lo que hace que el contenido de transmisión en vivo web (como radios web) sea un vector de ataque muy poco probable.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:11193\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:11242\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-10573\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2322980\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://mpg123.org/cgi-bin/news.cgi#2024-10-26\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/10/30/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/10/31/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/11/01/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2024/10/30/3\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/10/31/4\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/11/01/1\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00025.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-11-26T23:02:44.582Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-10573\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-31T19:37:55.533250Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-31T19:38:01.805Z\"}}], \"cna\": {\"title\": \"Mpg123: buffer overflow when writing decoded pcm samples\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.32.8\", \"versionType\": \"semver\"}], \"packageName\": \"mpg123\", \"collectionURL\": \"https://sourceforge.net/projects/mpg123/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::crb\", \"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.32.9-1.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"mpg123\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::crb\", \"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.32.9-1.el9_5\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"mpg123\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"packageName\": \"mpg123\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-10-31T17:13:17.471000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-10-30T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-10-30T00:00:00+00:00\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:11193\", \"name\": \"RHSA-2024:11193\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:11242\", \"name\": \"RHSA-2024:11242\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-10573\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2322980\", \"name\": \"RHBZ#2322980\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://mpg123.org/cgi-bin/news.cgi#2024-10-26\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"This vulnerability can be mitigated by using the --no-frankenstein option to the mpg123 application.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An out-of-bounds write flaw was found in mpg123 when handling crafted streams. When decoding PCM, the libmpg123 may write past the end of a heap-located buffer. Consequently, heap corruption may happen, and arbitrary code execution is not discarded. The complexity required to exploit this flaw is considered high as the payload must be validated by the MPEG decoder and the PCM synth before execution. Additionally, to successfully execute the attack, the user must scan through the stream, making web live stream content (such as web radios) a very unlikely attack vector.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-01-02T14:22:11.384Z\"}, \"x_redhatCweChain\": \"CWE-787: Out-of-bounds Write\"}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-10573\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-02T14:22:11.384Z\", \"dateReserved\": \"2024-10-30T22:56:02.827Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-10-31T18:31:55.940Z\", \"assignerShortName\": \"redhat\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.