CVE-2022-2476
Published: 07/19/2022 20:15:11
A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING
MEDIUM
CVSS v3: 5.5
CVSS v3: 5.5
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 25.1 | wavpack (5.6.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 24.4 | wavpack (5.6.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 24.4.0 | wavpack (5.6.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 24.3 | wavpack (5.6.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 24.2.1 | wavpack (5.6.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 24.2 | wavpack (5.6.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 24.1 | wavpack (5.6.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 23.3 | wavpack (5.6.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 23.2.1 | wavpack (5.4.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 23.2 | wavpack (5.4.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 23.1 | wavpack (5.4.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 22.4 | wavpack (5.4.0) | Not Affected | Code Not Present | not-exploitable: issue is in cli tool, not library |
| 22.3 | wavpack (5.4.0) | Needs Triage | not-exploitable: issue is in cli tool, not library | |
| 22.2 | wavpack (5.4.0) | Needs Triage | ||
| 22.1 | wavpack (5.4.0) | Needs Triage | ||
| 21.11.1 | wavpack (5.4.0) | Needs Triage | ||
| 21.11 | wavpack (5.4.0) | Needs Triage | ||
| 21.8.1 | wavpack (5.4.0) | Needs Triage | ||
| 21.8 | wavpack (5.4.0) | Needs Triage | ||
| 21.5.1 | wavpack (5.4.0) | Needs Triage | ||
| 21.5.0 | wavpack (5.4.0) | Needs Triage | ||
| 21.2.0 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.20 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.19.3667 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.18.3599 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.17 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.16.3445 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.15.3368 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.14.3263 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.13.3179 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.12.3054 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.11.3040 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.11.2990 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.10.2934 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.9.2878 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
| 11.4.8.2822 | wavpack (5.1.0) | Not Affected | Code Not Present | 5.1.0 does not match CVE configuration. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
HIGH
Base Score
5.5
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
NONE
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
REQUIRED
Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Version
3.1