CVE-2021-40426 sphere.c start_read() heap-based buffer overflow vulnerability

Brought to you by: cbagwell, mansr, robs, rrt, uklauer

#362 CVE-2021-40426 sphere.c start_read() heap-based buffer overflow vulnerability

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2024-11-30

Created: 2022-06-28

Creator: Enrico Zini

Private: No

Hello,

in my Debian work I am trying to track the situation of CVE-2021-40426, reported in https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434

The report mentions "Follow up with vendor; vendor acknowledged". I could not find the CVE mentioned in git logs, nor an issue related to it, and the last commit to sphere.c that I can see is from 2014.

I'll try to open a ticket to track the situation upstream. Has there been work on a patch for this issue?

Discussion

Martin Guy - 2024-11-30

https://codeberg.org/sox_ng/sox_ng/issues/27

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CVE-2021-40426 sphere.c start_read() heap-based buffer overflow vulnerability

Searches

Help

#362 CVE-2021-40426 sphere.c start_read() heap-based buffer overflow vulnerability

Discussion