CVE-2024-42011

Severity CVSS v4.0:

Pending analysis

Type:

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Publication date:

28/10/2024

Last modified:

30/10/2024

Description

The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 7.50 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x

7.50

Severity 3.x

HIGH

References to Advisories, Solutions, and Tools

https://community.spotify.com/t5/iOS-iPhone-iPad/Spotify-constantly-crashes-lags-and-heats-up-my-battery/td-p/6217537
https://luminous-reminder-337.notion.site/Buffer-Overflow-Vulnerability-in-Spotify-iOS-App-Steps-to-Reproduce-By-0xRushy-5114aa2548e2401eb6812a12af888b8c