CVE-2024-11586 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4 MEDIUM	LOCAL	HIGH	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
canonical	CNA	4 MEDIUM	LOCAL	HIGH	HIGH	CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Vendor	Product	Version
pulseaudio	pulseaudio	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

pulseaudio

bullseye	14.2-2 fixed
bookworm	16.1+dfsg1-2 fixed
forky	17.0+dfsg1-2 fixed
sid	17.0+dfsg1-2 fixed
trixie	17.0+dfsg1-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

pulseaudio

plucky	not-affected
oracular	not-affected
noble	not-affected
jammy	not-affected
focal	not-affected
bionic	not-affected
xenial	needed

Common Weakness Enumeration

CWE-404 - Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use.

References

https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822

https://www.cve.org/CVERecord?id=CVE-2024-11586