CVE-2023-53966

EUVD-2023-60228
SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute arbitrary code and crash the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
sound4linkandshare_transmitter
1.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://web.archive.org/web/20221207074555/https://www.sound4.com/
https://www.exploit-db.com/exploits/51259
https://www.vulncheck.com/advisories/sound-linkandshare-transmitter-format-string-stack-buffer-overflow
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5744.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5744.php