Format string

2020-10-2718:15:00

PRIOn knowledge base

www.prio-n.com

9.8 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c.

CPENameOperatorVersion
wirelt3.21.2936
wirelt3.21.3959
wirelt3.21.3932
wire_-_audio\\,_video\\,_and_signalingge5.3
wire_-_audio\\,_video\\,_and_signalinglt6.4
wire_secure_messengerlt3.61
wire_secure_messengerlt3.49.918

Name	Operator	Version
wire	lt	3.21.2936
wire	lt	3.21.3959
wire	lt	3.21.3932
wire_-_audio\\,_video\\,_and_signaling	ge	5.3
wire_-_audio\\,_video\\,_and_signaling	lt	6.4
wire_secure_messenger	lt	3.61
wire_secure_messenger	lt	3.49.918