4 matches found
CVE-2023-51443
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...
FreeSWITCH 1.10.10 Denial Of Service Vulnerability
When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. FreeSWITCH...
FreeSWITCH < 1.10.11 DoS Vulnerability
FreeSWITCH is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-51443
CVE-2023-51443 affects FreeSWITCH versions before 1.10.11. A race condition in the DTLS-SRTP handshake (DTLS ClientHello with invalid CipherSuite) can trigger a DTLS error, tearing down media and cascading to SIP signaling, causing DoS for new DTLS-SRTP calls. The documented fix is upgrading to F...