CVE-2023-49992: Buffer Overflow
First published: Tue Dec 12 2023(Updated: )
Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Espeak-ng Espeak-ng | =1.52-dev | |
| ubuntu/espeak-ng | <1.49.2+dfsg-1ubuntu0.1~ | 1.49.2+dfsg-1ubuntu0.1~ |
| ubuntu/espeak-ng | <1.50+dfsg-6ubuntu0.1 | 1.50+dfsg-6ubuntu0.1 |
| ubuntu/espeak-ng | <1.50+dfsg-10ubuntu0.1 | 1.50+dfsg-10ubuntu0.1 |
| ubuntu/espeak-ng | <1.51+dfsg-11ubuntu0.1 | 1.51+dfsg-11ubuntu0.1 |
| ubuntu/espeak-ng | <1.51+dfsg-12 | 1.51+dfsg-12 |
| debian/espeak-ng | <=1.50+dfsg-7+deb11u1 | 1.51+dfsg-10+deb12u1 1.51+dfsg-12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/espeak-ng/espeak-ng/issues/1827
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
- https://www.cve.org/CVERecord?id=CVE-2023-49992
- https://ubuntu.com/security/notices/USN-6858-1
- https://nvd.nist.gov/vuln/detail/CVE-2023-49992
- https://launchpad.net/bugs/cve/CVE-2023-49992
- https://security-tracker.debian.org/tracker/CVE-2023-49992
- https://github.com/espeak-ng/espeak-ng/pull/1846
- https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
- https://ubuntu.com/security/CVE-2023-49992
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
Frequently Asked Questions
What is the severity of CVE-2023-49992?
CVE-2023-49992 has a high severity due to the presence of a stack buffer overflow in espeak-ng 1.52-dev.
How do I fix CVE-2023-49992?
To fix CVE-2023-49992, update espeak-ng to a version higher than 1.52-dev, such as 1.51+dfsg-12 or the recommended remedied versions for your distribution.
What versions of espeak-ng are affected by CVE-2023-49992?
CVE-2023-49992 affects espeak-ng version 1.52-dev.
Can CVE-2023-49992 lead to remote code execution?
Yes, CVE-2023-49992's stack buffer overflow can potentially allow remote code execution.
Where can I find more information about CVE-2023-49992?
You can find more information about CVE-2023-49992 in discussion threads and issue trackers related to espeak-ng.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/description
- collector/security-tracker-debian
- source/Debian
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/tags
- agent/source
- vendor/espeak-ng
- canonical/espeak-ng espeak-ng
- version/espeak-ng espeak-ng/1.52-dev
- package-manager/ubuntu
- package-manager/debian