PT-2024-12548 · Badaix+1 · Snapcast+1

Published 2024-01-23 · Updated 2025-07-27 · CVE-2023-36177

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

snapcast versions prior to 0.23.0+dfsg1-1+deb11u1
snapcast versions prior to 0.26.0+dfsg1-1+deb12u1
snapcast version 0.27.0

Description

An RCE vulnerability exists in snapcast, a multi-room client-server audio player. Remote attackers can execute arbitrary code and gain sensitive information via crafted requests to the JSON-RPC-API. The vulnerability resides in the JSON RPC interface of the server component.

Recommendations

snapcast versions prior to 0.23.0+dfsg1-1+deb11u1: Upgrade your snapcast packages to version 0.23.0+dfsg1-1+deb11u1 or later.
snapcast versions prior to 0.26.0+dfsg1-1+deb12u1: Upgrade your snapcast packages to version 0.26.0+dfsg1-1+deb12u1 or later.
snapcast version 0.27.0: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2023-36177
DLA-4252-1
DSA-5847-1

Affected Products

Debian
Snapcast