CVE-2023-26590 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Affected Products (NVD)

Vendor	Product	Version
sound_exchange_project	sound_exchange	14.4.3
fedoraproject	extra_packages_for_enterprise_linux	8.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

sox

bookworm	14.4.2+git20190427-3.5 fixed
bullseye	14.4.2+git20190427-2+deb11u2 fixed
bullseye (security)	14.4.2+git20190427-2+deb11u2 fixed
sid	14.4.2+git20190427-5 fixed
trixie	14.4.2+git20190427-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

sox

bionic	not-affected
focal	Fixed 14.4.2+git20190427-2+deb11u1build0.20.04.1 released
jammy	Fixed 14.4.2+git20190427-2+deb11u1build0.22.04.1 released
kinetic	ignored
lunar	not-affected
trusty	Fixed 14.4.1-3ubuntu1.1+esm2 released
xenial	Fixed 14.4.1-5+deb8u4ubuntu0.1+esm1 released

Common Weakness Enumeration

CWE-1077 - Floating Point Comparison with Incorrect Operator
The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.
CWE-697 - Incorrect Comparison
The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

https://access.redhat.com/security/cve/CVE-2023-26590

https://bugzilla.redhat.com/show_bug.cgi?id=2212279

https://access.redhat.com/security/cve/CVE-2023-26590

https://bugzilla.redhat.com/show_bug.cgi?id=2212279