PT-2023-9304 · Espeak-Ng+6

Jaroslav Škarvada

Published: 2023-12-12 · Updated: 2025-05-31 · CVE-2023-49993

CVSS v3.1: 5.3 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Espeak-ng version 1.52-dev

Description

The issue is related to a buffer overflow in the ReadClause() function of the Espeak speech synthesizer, which occurs due to the lack of size checking for input data. This can potentially allow an attacker to cause a denial of service or execute arbitrary code. The vulnerability is associated with the readclause.c file.

Recommendations

For Espeak-ng version 1.52-dev, consider disabling the ReadClause() function as a temporary workaround until a patch is available. Restrict access to the readclause.c file to minimize the risk of exploitation. Avoid using the ReadClause() function in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Weakness Enumeration

Related Identifiers

AZL-34678
BDU:2024-06184
CVE-2023-49993
DLA-4198-1
MGASA-2024-0249
OESA-2024-1021
OESA-2024-1057
SUSE-SU-2024:2632-1
USN-6858-1

Affected Products

Astra Linux
Debian
Espeak-Ng
Linuxmint
Red Os
Suse
Ubuntu