Vulnerability Name:

CVE-2020-35738 (CCN-193870)

Assigned: 2020-12-27
Published: 2020-12-27
Updated: 2021-07-21
Summary: WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack_utils.c because of an integer overflow in a malloc argument.
Note: some third parties claim that there are later "unofficial" releases through 5.3.2, which are also affected.

CVSS v3 Severity:
6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H)
5.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): Required
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Low
  Availability (A): High

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:R)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): Required
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): High

CVSS v2 Severity:
5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Complete

Vulnerability Type: CWE-787
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2020-35738

Source: XF
Type: UNKNOWN
wavpack-cve202035738-dos(193870)

Source: CCN
Type: WavPack GIT Repository
WavPack crashes with SEGFAULT #91

Source: MISC
Type: Exploit, Patch, Third Party Advisory
https://github.com/dbry/WavPack/issues/91

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210115 [SECURITY] [DLA 2525-1] wavpack security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-5c83efb61c

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-2e2fc2eac6

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-de45e7bb88

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-b7826fcedf

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-35738

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:wavpack:wavpack:5.3.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:wavpack:wavpack:5.3.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7696 | P | libwavpack1-5.4.0-150000.4.15.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7982 | P | wavpack-5.4.0-150000.4.15.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:95269 | P | Security update for perl-HTTP-Daemon (Moderate) (in QA) | 2022-07-15
oval:org.opensuse.security:def:3104 | P | hyper-v-7-7.5 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3430 | P | apache2-2.4.23-29.43.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3359 | P | ruby-2.1-1.4 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94989 | P | wavpack-5.4.0-4.12.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94542 | P | e2fsprogs-1.46.4-150400.1.80 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94776 | P | perl-DBI-1.642-3.9.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94734 | P | libwavpack1-5.4.0-4.12.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:224 | P | libwavpack1-5.4.0-4.9.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:101982 | P | Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP3) (Important) | 2022-04-25
oval:org.opensuse.security:def:1747 | P | Security update for the Linux Kernel (Important) | 2022-04-13
oval:org.opensuse.security:def:1153 | P | Security update for libsolv, libzypp, zypper (Important) | 2022-04-12
oval:org.opensuse.security:def:99467 | P | (Moderate) | 2022-04-01
oval:org.opensuse.security:def:112912 | P | libwavpack1-32bit-5.4.0-1.6 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:106370 | P | libwavpack1-32bit-5.4.0-1.6 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:97032 | P | qemu-3.1.0-7.1 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:101489 | P | Security update for libmspack (Moderate) | 2021-08-20
oval:org.opensuse.security:def:99666 | P | (Important) | 2021-08-14
oval:org.opensuse.security:def:62242 | P | libwavpack1-5.4.0-4.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71983 | P | libwavpack1-5.4.0-4.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62836 | P | wavpack-5.4.0-4.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:72555 | P | wavpack-5.4.0-4.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101242 | P | wavpack-5.4.0-4.9.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101255 | P | cargo-1.43.1-12.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:99974 | P | (Important) | 2021-07-20
oval:org.opensuse.security:def:5721 | P | Security update for openexr (Moderate) | 2021-04-07
oval:org.opensuse.security:def:31746 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:55872 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:83256 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:127237 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:23770 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:34044 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:58923 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:86210 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:29488 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:52029 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:81123 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:88584 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:32282 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:57189 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:84285 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:24041 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:5201 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:34660 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:59609 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:86746 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:30049 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:54784 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:82168 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:125674 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:21429 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:89264 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:33100 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:57569 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:84743 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:26214 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:51189 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:5982 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:59867 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:87564 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:31366 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:55311 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:82695 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:126840 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:23201 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:89522 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:33786 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:58105 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:85830 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:28961 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:51758 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:60483 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:88267 | P | Security update for wavpack (Important) | 2021-03-24
oval:org.opensuse.security:def:45403 | P | Security update for wavpack (Important) | 2021-03-19
oval:org.opensuse.security:def:41838 | P | Security update for wavpack (Important) | 2021-03-19
oval:org.opensuse.security:def:46268 | P | Security update for wavpack (Important) | 2021-03-19
oval:org.opensuse.security:def:38338 | P | Security update for wavpack (Important) | 2021-03-19
oval:org.opensuse.security:def:39559 | P | Security update for wavpack (Important) | 2021-03-19
oval:org.opensuse.security:def:43989 | P | Security update for wavpack (Important) | 2021-03-19
oval:org.opensuse.security:def:40973 | P | Security update for wavpack (Important) | 2021-03-19
oval:org.opensuse.security:def:110654 | P | Security update for wavpack (Moderate) | 2021-01-24
oval:org.opensuse.security:def:111146 | P | Security update for wavpack (Moderate) | 2021-01-24
oval:org.opensuse.security:def:93221 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:108648 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:10268 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:91932 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:8593 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:65220 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:98882 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:117669 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:74288 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:92716 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:9518 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:69857 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:92127 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:8771 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:66810 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:99077 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:75878 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:92915 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:107921 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:9717 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:70230 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:4131 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:92318 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:8966 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:69476 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:99268 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:93068 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:108155 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:10090 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:70408 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:64519 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:117436 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:73641 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:92517 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:9336 | P | Security update for wavpack (Moderate) | 2021-01-21
oval:org.opensuse.security:def:69658 | P | Security update for wavpack (Moderate) | 2021-01-21