{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T13:35:46.954","vulnerabilities":[{"cve":{"id":"CVE-2021-23172","sourceIdentifier":"secalert@redhat.com","published":"2022-08-25T20:15:08.977","lastModified":"2025-06-27T18:51:27.923","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash."},{"lang":"es","value":"Se ha detectado una vulnerabilidad en SoX, donde es producido un desbordamiento del búfer de la pila en la función startread() del archivo hcom.c. La vulnerabilidad puede explotarse con un archivo hcomn diseñado, que podría causar el bloqueo de una aplicación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sound_exchange_project:sound_exchange:14.4.2-7:*:*:*:*:*:*:*","matchCriteriaId":"5F508BA4-3586-4735-82CB-F5C1B81EB83B"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2021-23172","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975666","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.archlinux.org/CVE-2021-23172","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://sourceforge.net/p/sox/bugs/350/","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2021-23172","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975666","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.archlinux.org/CVE-2021-23172","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://sourceforge.net/p/sox/bugs/350/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}