CVE-2023-36177

Name
CVE-2023-36177
Description
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org http://snapcast.com
cve@mitre.org https://oxnan.com/posts/Snapcast_jsonrpc_rce

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:badaix:snapcast:*:*:*:*:*:*:*:* snapcast >= None <= 0.27.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
snapcast edge-community 0.27.0-r4 Bart Ribbers <bribbers@disroot.org> possibly vulnerable
snapcast 3.19-community 0.27.0-r4 Bart Ribbers <bribbers@disroot.org> possibly vulnerable