{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-53966","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-19T14:03:57.725Z","datePublished":"2025-12-22T21:35:30.413Z","dateUpdated":"2025-12-22T22:05:21.596Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2025-12-22T21:35:30.413Z"},"datePublic":"2022-09-26T00:00:00.000Z","title":"SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow","descriptions":[{"lang":"en","value":"SOUND4 LinkAndShare Transmitter 1.1.2 contains a format string vulnerability that allows attackers to trigger memory stack overflows through maliciously crafted environment variables. Attackers can manipulate the username environment variable with format string payloads to potentially execute arbitrary code and crash the application."}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Use of Externally-Controlled Format String","cweId":"CWE-134","type":"CWE"}]}],"affected":[{"vendor":"SOUND4 Ltd.","product":"SOUND4 LinkAndShare Transmitter","versions":[{"version":"1.1.2","status":"affected"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":9.3,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS"},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"references":[{"url":"https://www.exploit-db.com/exploits/51259","name":"ExploitDB-51259","tags":["exploit"]},{"url":"https://web.archive.org/web/20221207074555/https://www.sound4.com/","name":"SOUND4 Official Product Homepage","tags":["product"]},{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5744.php","name":"Zero Science Lab Disclosure (ZSL-2022-5744)","tags":["third-party-advisory"]},{"name":"VulnCheck Advisory: SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow","tags":["third-party-advisory"],"url":"https://www.vulncheck.com/advisories/sound-linkandshare-transmitter-format-string-stack-buffer-overflow"}],"credits":[{"lang":"en","value":"LiquidWorm as Gjoko Krstic of Zero Science Lab","type":"finder"}],"x_generator":{"engine":"vulncheck"}},"adp":[{"references":[{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5744.php","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-22T21:59:46.249284Z","id":"CVE-2023-53966","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-22T22:05:21.596Z"}}]}}