Primary

Context

Sonos Era 300 Heap-Based Buffer Overflow Remote Code Execution Vulnerability

Vulnerability

A heap-based buffer overflow vulnerability allowing remote code execution has been identified in the Sonos Era 300 speaker. This issue arises from improper validation of user-supplied data length in the processing of ALAC data, leading to arbitrary code execution in the context of the anacapa user. The vulnerability can be exploited by network-adjacent attackers without authentication.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device, with the executed code running under the anacapa user context.

Remediation

Users can update to Sonos Player version 83.1-61240 or Sonos Release version 16.6 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

4.9

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Sonos Era 300 Heap-Based Buffer Overflow Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating