ZDI-24-545: (Pwn2Own) Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability - Cyber Security News

Read Time:14 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5269.

More Stories

exiv2-0.28.5-1.fc43

FEDORA-2025-7575224d15 Packages in this update: exiv2-0.28.5-1.fc43 Update description: Automatic update for exiv2-0.28.5-1.fc43. Changelog * Thu Feb 27 2025 Miloš Komarčević...

USN-7340-1: OpenVPN vulnerabilities

It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, which...

USN-7338-1: CRaC JDK 17 vulnerabilities

Andy Boothe discovered that the Networking component of CRaC JDK 17 did not properly handle access under certain circumstances. An...

USN-7339-1: CRaC JDK 21 vulnerabilities

Andy Boothe discovered that the Networking component of CRaC JDK 21 did not properly handle access under certain circumstances. An...

USN-7337-1: LibreOffice vulnerability

It was discovered that LibreOffice incorrectly handled Office URI Schemes. If a user or automated system were tricked into opening...

USN-7299-2: X.Org X Server vulnerabilities

USN-7299-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS....