CVE-2023-27355

Name of the Vulnerable Software and Affected Versions Sonos One Speaker version 70.3-35220

Description This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the MPEG-TS parser, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this issue to execute code in the context of root.

Recommendations For Sonos One Speaker version 70.3-35220, at the moment, there is no information about a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the MPEG-TS parser to minimize the risk of exploitation.