Lucene search
HistoryOct 05, 2015 - 2:59 p.m.
CVE-2015-7392
cve-2015-7392
freeswitch
buffer overflow
remote code execution
security vulnerability
8.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.051 Low
EPSS
Percentile
92.9%
Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse.
| CPE | Name | Operator | Version |
|---|---|---|---|
| freeswitch:freeswitch | freeswitch | eq | 1.6.0 |
| freeswitch:freeswitch | freeswitch | le | 1.4.21 |
Related
prion
prion
Heap overflow
2015-10-05 14:59:00
securityvulns
securityvulns
FreeSWITCH buffer overflow
2015-10-12 00:00:00
zdt
zdt
freeswitch Heap Overflow Vulnerability
2015-09-30 00:00:00
cvelist
cvelist
CVE-2015-7392
2015-10-05 14:00:00
nessus
nessus
FreeSWITCH < 1.4.26 / 1.6.x < 1.6.5 JSON Parser RCE
2016-02-11 00:00:00
8.2 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.051 Low
EPSS
Percentile
92.9%
Related for CVE-2015-7392