CVE-2023-32627 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat	CNA	6.2 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Vendor	Product	Version
sox_project	sox	14.4.3
fedoraproject	extra_packages_for_enterprise_linux	8.0
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

sox

bullseye (security)	vulnerable
bullseye	no-dsa
bookworm	no-dsa
sid	14.4.2+git20190427-5 fixed
trixie	14.4.2+git20190427-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

sox

oracular	not-affected
noble	needed
mantic	ignored
lunar	Fixed 14.4.2+git20190427-3.4ubuntu1.1 released
kinetic	ignored
jammy	Fixed 14.4.2+git20190427-2+deb11u2ubuntu0.22.04.1 released
focal	Fixed 14.4.2+git20190427-2+deb11u2ubuntu0.20.04.1 released
bionic	Fixed 14.4.2-3ubuntu0.18.04.3+esm1 released
xenial	Fixed 14.4.1-5+deb8u4ubuntu0.1+esm3 released
trusty	Fixed 14.4.1-3ubuntu1.1+esm4 released

Common Weakness Enumeration

CWE-1077 - Floating Point Comparison with Incorrect Operator
The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.
CWE-697 - Incorrect Comparison
The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

https://access.redhat.com/security/cve/CVE-2023-32627

https://bugzilla.redhat.com/show_bug.cgi?id=2212282

https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html

https://access.redhat.com/security/cve/CVE-2023-32627

https://bugzilla.redhat.com/show_bug.cgi?id=2212282

https://lists.debian.org/debian-lts-announce/2023/08/msg00015.html