CVE-2023-49993: Buffer Overflow
First published: Tue Dec 12 2023(Updated: )
Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/espeak-ng | <1.49.2+dfsg-1ubuntu0.1~ | 1.49.2+dfsg-1ubuntu0.1~ |
| ubuntu/espeak-ng | <1.50+dfsg-6ubuntu0.1 | 1.50+dfsg-6ubuntu0.1 |
| ubuntu/espeak-ng | <1.50+dfsg-10ubuntu0.1 | 1.50+dfsg-10ubuntu0.1 |
| ubuntu/espeak-ng | <1.51+dfsg-11ubuntu0.1 | 1.51+dfsg-11ubuntu0.1 |
| ubuntu/espeak-ng | <1.51+dfsg-12 | 1.51+dfsg-12 |
| debian/espeak-ng | <=1.50+dfsg-7+deb11u1 | 1.51+dfsg-10+deb12u1 1.51+dfsg-12 |
| Red Hat Speech-Dispatcher-espeak-ng | =1.52-dev |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/espeak-ng/espeak-ng/issues/1826
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
- https://www.cve.org/CVERecord?id=CVE-2023-49993
- https://ubuntu.com/security/notices/USN-6858-1
- https://nvd.nist.gov/vuln/detail/CVE-2023-49993
- https://launchpad.net/bugs/cve/CVE-2023-49993
- https://security-tracker.debian.org/tracker/CVE-2023-49993
- https://github.com/espeak-ng/espeak-ng/pull/1846
- https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
- https://ubuntu.com/security/CVE-2023-49993
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/
Frequently Asked Questions
What is the severity of CVE-2023-49993?
CVE-2023-49993 has a high severity due to the potential for a buffer overflow that could lead to arbitrary code execution.
How do I fix CVE-2023-49993?
To fix CVE-2023-49993, update to a version of Espeak-ng that is patched against this vulnerability, such as 1.49.2+dfsg-1ubuntu0.1~ for Ubuntu Bionic or other remedied versions for different distributions.
What is the affected software version for CVE-2023-49993?
CVE-2023-49993 affects Espeak-ng version 1.52-dev.
Is CVE-2023-49993 exploitable remotely?
Yes, CVE-2023-49993 may be exploited remotely if the vulnerable software is exposed to untrusted inputs.
What type of vulnerability is CVE-2023-49993?
CVE-2023-49993 is classified as a buffer overflow vulnerability.
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/severity
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/remedy
- agent/description
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/references
- agent/event
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/ubuntu
- package-manager/debian
- vendor/espeak-ng
- canonical/red hat speech-dispatcher-espeak-ng
- version/red hat speech-dispatcher-espeak-ng/1.52-dev