292 matches found
Out-of-bounds
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candida...
Buffer overflow
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...
CVE-2023-40019
CVE-2023-40019 (FreeSWITCH) affects versions prior to 1.10.10. During SDP re-negotiation, an authorized user can send a re-INVITE with duplicate codec names; the system may perform more codec matches than expected, causing overflows in internal arrays and potentially corrupting the stack, leading...
CVE-2023-40019 FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...
CVE-2023-40019 FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...
CVE-2023-40019 FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...
CVE-2023-40018 FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candida...
CVE-2023-40018 FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candida...
CVE-2023-40018
CVE-2023-40018 concerns FreeSWITCH prior to 1.10.10, where remote attackers can trigger an out-of-bounds write by offering an ICE candidate with an unknown component ID. When an SDP is offered with such ICE candidates, FreeSWITCH may write past array bounds, potentially corrupting memory and caus...
CVE-2023-40018 FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candida...
PT-2023-27212 · Unknown +1 · Freeswitch +1
Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.10 Description: FreeSWITCH is a Software Defined Telecom Stack that enables digital transformation from proprietary telecom switches to a software implementation. The issue allows remote users to trigger an o...
PT-2023-27213 · Unknown +1 · Freeswitch +1
Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.10 Description: The issue allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call completes codec negotiation, the codec string...
FreeSWITCH Buffer Error Vulnerability
FreeSWITCH is a free, open-source communications software program developed by Anthony Minessale, an individual developer in the United States. The software can be used to create audio, video, and short message products and applications. A buffer error vulnerability exists in FreeSWITCH versions...
FreeSWITCH Security Breach
FreeSWITCH is a free, open-source communications software program developed by Anthony Minessale, an individual developer in the United States. The software can be used to create audio, video, and SMS products and applications. A security vulnerability exists in versions of FreeSWITCH prior to...
Debian DSA-5410-1 : sofia-sip - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5410 advisory. - Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to...
Out Of Bounds Read
Sofia-SIP is vulnerable to an Out-of-bounds Read. This vulnerability is present in the sipmethodd function of sipparser.c, and it enables an attacker to potentially trigger an application crash by sending a maliciously crafted message containing a malicious SDP Session Description Protocol to...
Denial Of Service (DoS)
sofia-sip is vulnerable to Denial of Service DoS attacks. An attacker is able to send a message with evil sdp to FreeSWITCH, which may cause an application crash with the use of a URL ending with %...
Remote Code Execution (RCE)
sofia-sip is vulnerable to Remote Code Execution RCE. When parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker is able to send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such ...
SUSE CVE-2022-31002
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
SUSE CVE-2022-31001
Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by define MATCHs, m strncmps, m, n = sizeofm - 1 == 0, which will make n...