CVE-2019-18796 - OpenCVE

The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Un4seen	Bass

Configuration 1 [-]

cpe:2.3:a:un4seen:bass:*:*:*:*:*:windows:*:*

References

Link	Resource
http://www.un4seen.com/	Vendor Advisory
https://github.com/staufnic/CVE/tree/master/CVE-2019-18796	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-16T12:51:42

Updated: 2020-10-16T12:51:42

Reserved: 2019-11-06T00:00:00

Link: CVE-2019-18796

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-16T13:15:11.503

Modified: 2020-10-27T15:28:02.233

Link: CVE-2019-18796

JSON object: View

Redhat Information

No data.

CWE

CWE-835

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:un4seen:bass:*:*:*:*:*:windows:*:*", "matchCriteriaId": "3EB8E932-F897-427D-9F12-AA9580415B95", "versionEndIncluding": "2.4.14.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive."}, {"lang": "es", "value": "El BASS Audio Library versi\u00f3n 2.4.14 en Windows es propensa a una vulnerabilidad de Denegaci\u00f3n de Servicio en BASS_StreamCreateFile (bucle infinito) por medio de un archivo .mp3 dise\u00f1ado. Esta debilidad podr\u00eda permitir a atacantes consumir un exceso de la CPU y que la aplicaci\u00f3n deje de responder"}], "id": "CVE-2019-18796", "lastModified": "2020-10-27T15:28:02.233", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-16T13:15:11.503", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.un4seen.com/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/staufnic/CVE/tree/master/CVE-2019-18796"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}