How severe is CVE-2024-5256?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-5256?

This is classified as CWE-191, which is a common weakness in software security.

CVE-2024-5256 - MEDIUM Severity | CVSS 4.3

Vulnerability Description

Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2 messages. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22336.

Related Vulnerabilities

CVE-2023-24911

MEDIUM

CVSS:4.3(Medium)

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CWE-1912023

CVE-2024-50594

MEDIUM

CVSS:4.3(Medium)

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial o...

CWE-1912024

CVE-2024-50595

MEDIUM

CVSS:4.3(Medium)

CWE-1912024

CVE-2024-50596

MEDIUM

CVSS:4.3(Medium)

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. A...

CWE-1912024

CVE-2024-50597

MEDIUM

CVSS:4.3(Medium)

CWE-1912024

CVE-2023-20635

MEDIUM

CVSS:4.4(Medium)

In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not n...

CWE-1912023