292 matches found
CVE-2026-49842 FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...
EUVD-2026-35473
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...
CVE-2026-49842
CVE-2026-49842 - FreeSWITCH mod_verto pre-auth bandwidth amplification : Before v1.11.1, FreeSWITCH’s mod_verto WebSocket frame loop processed a #-prefixed speed-test protocol (#SPU/#SPB/#SPE) prior to authentication. The payload size in #SPU was parsed with atoi() and non-positive values were re...
CVE-2026-49841
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the modverto HTTP request handler allocates a fixed 2 MiB buffer for a POST...
CVE-2026-49841 FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the modverto HTTP request handler allocates a fixed 2 MiB buffer for a POST...
CVE-2026-49841
FreeSWITCH is affected by a pre-authentication heap overflow in the mod_verto HTTP POST body read. Before version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for application/x-www-form-urlencoded bodies but accepts Content-Length up to just under 10 MiB. The body-rea...
CVE-2026-49840
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...
EUVD-2026-35471
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...
CVE-2026-49840
CVE-2026-49840 affects FreeSWITCH libesl before version 1.11.1. The flaw occurs in esl_recv_event(): Content-Length is parsed with atol() and the result is passed to malloc(len + 1) without sign or magnitude checks, allowing a pre-authentication, remote attacker to corrupt the heap or crash the p...
CVE-2026-49475 FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...
EUVD-2026-35470
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...
CVE-2026-49475
FreeSWITCH (core STUN attribute parsing) is affected. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to can cause an out-of-bounds read/write on the per-leg media buffer. The issue has been patched in version 1.11.0. The CVE’s...
CVE-2026-49472
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...
CVE-2026-49472 FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...
EUVD-2026-35469
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...
CVE-2026-49472
CVE-2026-49472 affects FreeSWITCH (pre-1.11.0). The issue is a vulnerable PREFIX(prologTok)() in libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c, cloned from an outdated libexpat lacking a security patch. Root cause: missing patch in the referenced expat-derived code. Impact: potential network-expos...
CVE-2026-45771
FreeSWITCH (before version 1.11.0) is vulnerable to a Denial-of-Service via its bundled XML parser, which expands nested declarations without a bound, allowing an unauthenticated attacker to drive unbounded CPU/memory usage by sending a crafted SIP PUBLISH PIDF body. The issue arises because the...
CVE-2026-45771 Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...
EUVD-2026-35468
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...
CVE-2026-45771 Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested declarations without a depth or count boun...