6 matches found
VulnCheck KEV: CVE-2019-19492
FreeSWITCH 1.6.10 through 1.10.1 has a default password in eventsocket.conf.xml...
CVE-2023-40019
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending...
ALPINE-CVE-2023-51443
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service...
DEBIAN-CVE-2022-31002
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil SDP to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with %. Version 1.13.8 contains a patch for this issue...
ALPINE-CVE-2021-41105
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated...
FreeSWITCH Heap Buffer Overflow Vulnerability
FreeSWITCH is a free, open source communications software developed by American software developer Anthony Minessale. A heap buffer overflow vulnerability exists in the 'parsestring' function in the libs/esl/src/esljson.c file in FreeSWITCH versions 1.4.21 and earlier, and version 1.6.0. A remote...