PT-2024-25253 · Phiola · Phiola
Published
2024-05-01
·
Updated
2024-07-03
·
CVE-2024-33431
CVSS v3.1
6.5
6.5
Medium
| Base vector | Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
phiola version 2.0-rc22
Description:
An issue in phiola's WAV file handling, specifically in the conv.c file, allows a remote attacker to cause a denial of service via a crafted .wav file. The issue is remotely exploitable.
Recommendations:
For phiola version 2.0-rc22, isolate affected systems and monitor for exploit attempts. Apply patches or updates once they become available.
Exploit
Fix
Weakness Enumeration
Related Identifiers
CVE-2024-33431
Affected Products
Phiola
References · 11
- 🔥 https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1/poc⭐ 1 · Exploit
- 🔥 https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/poc/I0I72U~G⭐ 1 · Exploit
- https://nvd.nist.gov/vuln/detail/CVE-2024-33431 · Security Note
- https://github.com/stsaz/phiola/issues/27⭐ 122 🔗 7 · Note
- https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/flowPointException-1⭐ 1 · Note
- https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.assets/image-20240420004701828.png⭐ 1 · Note
- https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/flowPointException-1/flowPointException-1.md⭐ 1 · Note
- https://twitter.com/CVEnew/status/1785749763171946609 · Twitter Post
- https://twitter.com/oktsec/status/1785829778311749846 · Twitter Post
- https://twitter.com/VulmonFeeds/status/1785780599598293182 · Twitter Post
- https://github.com/stsaz/phiola · Note