292 matches found

Prion
added 2023/09/15 8:15 p.m. · 29 views

Out-of-bounds

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candida...

CVSS 5 · AI score 7.6 · EPSS 0.00749
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/09/15 8:15 p.m. · 31 views

Buffer overflow

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...

CVSS 4 · AI score 6.2 · EPSS 0.0076
Exploits 1 · References 2 · Affected Software 1

CVE
added 2023/09/15 7:34 p.m. · 40 views

CVE-2023-40019

CVE-2023-40019 (FreeSWITCH) affects versions prior to 1.10.10. During SDP re-negotiation, an authorized user can send a re-INVITE with duplicate codec names; the system may perform more codec matches than expected, causing overflows in internal arrays and potentially corrupting the stack, leading...

CVSS 7.5 · AI score 6.5 · EPSS 0.0076
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2023/09/15 7:34 p.m. · 15 views

CVE-2023-40019 FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...

CVSS 7.5 · AI score 6.6 · EPSS 0.0076
Exploits 1 · References 2

OSV
added 2023/09/15 7:34 p.m. · 34 views

CVE-2023-40019 FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...

CVSS 7.5 · AI score 6.2 · EPSS 0.0076
Exploits 1 · References 4

Cvelist
added 2023/09/15 7:34 p.m. · 35 views

CVE-2023-40019 FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...

CVSS 7.5 · AI score 7.5 · EPSS 0.0076
Exploits 1 · References 2

Cvelist
added 2023/09/15 7:32 p.m. · 26 views

CVE-2023-40018 FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candida...

CVSS 7.5 · AI score 7.8 · EPSS 0.00749
Exploits 0 · References 2

Vulnrichment
added 2023/09/15 7:32 p.m. · 12 views

CVE-2023-40018 FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candida...

CVSS 7.5 · AI score 7 · EPSS 0.00749
Exploits 0 · References 2

CVE
added 2023/09/15 7:32 p.m. · 50 views

CVE-2023-40018

CVE-2023-40018 concerns FreeSWITCH prior to 1.10.10, where remote attackers can trigger an out-of-bounds write by offering an ICE candidate with an unknown component ID. When an SDP is offered with such ICE candidates, FreeSWITCH may write past array bounds, potentially corrupting memory and caus...

CVSS 7.5 · AI score 7.6 · EPSS 0.00749
Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/09/15 7:32 p.m. · 17 views

CVE-2023-40018 FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candida...

CVSS 7.5 · AI score 7.4 · EPSS 0.00749
Exploits 0 · References 4

Positive Technologies
added 2023/09/15 12:0 a.m. · 7 views

PT-2023-27212 · Unknown +1 · Freeswitch +1

Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.10
Description: FreeSWITCH is a Software Defined Telecom Stack that enables digital transformation from proprietary telecom switches to a software implementation. The issue allows remote users to trigger an o...

CVSS 8.6 · AI score 6.5 · EPSS 0.0352
Exploits 19 · References 28

Positive Technologies
added 2023/09/15 12:0 a.m. · 6 views

PT-2023-27213 · Unknown +1 · Freeswitch +1

Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.10
Description: The issue allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call completes codec negotiation, the codec string...

CVSS 8.6 · AI score 6.1 · EPSS 0.0352
Exploits 19 · References 26

CNNVD
added 2023/09/15 12:0 a.m. · 5 views

FreeSWITCH Buffer Error Vulnerability

FreeSWITCH is a free, open-source communications software program developed by Anthony Minessale, an individual developer in the United States. The software can be used to create audio, video, and short message products and applications. A buffer error vulnerability exists in FreeSWITCH versions...

CVSS 7.5 · AI score 7.2 · EPSS 0.00749
Exploits 0 · References 4

CNNVD
added 2023/09/15 12:0 a.m. · 6 views

FreeSWITCH Security Breach

FreeSWITCH is a free, open-source communications software program developed by Anthony Minessale, an individual developer in the United States. The software can be used to create audio, video, and SMS products and applications. A security vulnerability exists in versions of FreeSWITCH prior to...

CVSS 7.5 · AI score 6.6 · EPSS 0.0076
Exploits 1 · References 4

Tenable Nessus
added 2023/05/24 12:0 a.m. · 27 views

Debian DSA-5410-1 : sofia-sip - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5410 advisory. - Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to...

CVSS 9.8 · AI score 8.2 · EPSS 0.0366
Exploits 5 · References 13

Veracode
added 2023/03/22 9:5 a.m. · 25 views

Out Of Bounds Read

Sofia-SIP is vulnerable to an Out-of-bounds Read. This vulnerability is present in the sip_method_d function of sip_parser.c, and it enables an attacker to potentially trigger an application crash by sending a maliciously crafted message containing a malicious SDP (Session Description Protocol) to...

CVSS 7.5 · AI score 6.6 · EPSS 0.02022
Exploits 1 · References 10 · Affected Software 1

Veracode
added 2023/03/22 4:52 a.m. · 34 views

Denial Of Service (DoS)

sofia-sip is vulnerable to Denial of Service (DoS) attacks. An attacker is able to send a message with evil sdp to FreeSWITCH, which may cause an application crash with the use of a URL ending with %...

CVSS 7.5 · AI score 8.3 · EPSS 0.01802
Exploits 1 · References 10 · Affected Software 1

Veracode
added 2023/03/22 4:52 a.m. · 29 views

Remote Code Execution (RCE)

sofia-sip is vulnerable to Remote Code Execution (RCE). When parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker is able to send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such ...

CVSS 9.8 · AI score 9.5 · EPSS 0.0366
Exploits 1 · References 10 · Affected Software 1

SUSE CVE
added 2023/02/15 3:25 a.m. · 3 views

SUSE CVE-2022-31002

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...

CVSS 7.5 · AI score 7.5 · EPSS 0.01802
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 3:25 a.m. · 3 views

SUSE CVE-2022-31001

Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by #define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0), which will make n...

CVSS 7.5 · AI score 7.5 · EPSS 0.02022
Exploits 1 · References 3