CVE-2023-53966

SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow

CVSS 9.3 CRITICALEPSS 0.6%CWE-134

Vexday Risk Score

28Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 9.3EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

22 dic 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute arbitrary code and crash the application.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

SOUND4 Ltd. · SOUND4 LinkAndShare Transmitter

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://web.archive.org/web/20221207074555/https://www.sound4.com/https://www.exploit-db.com/exploits/51259 https://www.vulncheck.com/advisories/sound-linkandshare-transmitter-format-string-stack-buffer-overflow https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5744.php