3 matches found
CVE-2015-7392 Heap overflow in Freeswitch json parser < 1.6.2 & < 1.4.23
Advisory Information Title: Heap overflow in freeswitch json parser 1.6.2 & 1.4.23 Submitter: Marcello Duarte [email protected] Product: freeswitch Product URL: http://freeswitch.org Affected Versions: freeswitch 1.6.2 & 1.4.23 Fixed Versions: 1.6.2 , 1.4.23 Link to source code diff:...
CVE-2015-7392
Heap-based buffer overflow in the parsestring function in libs/esl/src/esljson.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSONParse...
CVE-2015-7392
CVE-2015-7392 is a heap-based overflow in FreeSWITCH’s JSON parser. The flaw lives in the parse_string function of esl_json.c and is exploitable via a crafted JSON string to cJSON_Parse, affecting FreeSWITCH < 1.4.23 and