21 matches found
CVE-2021-41158
CVE-2021-41158 affects FreeSWITCH prior to 1.10.7. An attacker can trigger a SIP digest leak by provoking challenges with the realm of a configured gateway, causing FreeSWITCH to reveal the gateway’s challenge response (password-derived) without special network privileges. Root cause: flawed chal...
CVE-2021-37624
CVE-2021-37624 affects FreeSWITCH up to version 1.10.6, where SIP MESSAGE requests are not authenticated by default, allowing spam and message spoofing. The issue is mitigated by upgrading to 1.10.7, which patches the flaw; maintainers also recommend making MESSAGE authentication the default and ...
CVE-2021-41105
FreeSWITCH before v1.10.7 is vulnerable to a DoS in SRTP handling: remote attackers can terminate calls by flooding SRTP traffic, denying service on encrypted calls. The issue is patched in v1.10.7 per the CVE description, while PTSecurity entries cite a fixed release of v...
CVE-2021-41157
CVE-2021-41157 affects FreeSWITCH where SIP SUBSCRIBE requests are not authenticated by default in affected releases. The issue allows unauthenticated subscriptions to user agent event notifications, posing privacy risks (e.g., monitoring SIP extensions). The advisory notes a fix in v1.10.6, but ...
CVE-2021-41145
CVE-2021-41145 is a DoS vector in FreeSWITCH before version 1.10.7: an attacker can flood the SIP stack (via UDP/TCP/TLS) and exhaust memory, crashing the server without authentication. The issue was fixed in 1.10.7. Additional PTSecurity entries describe rel...
CVE-2019-19492
CVE-2019-19492 affects FreeSWITCH versions 1.6.10–1.10.1 due to a default password in the event_socket.conf.xml. The underlying issue is the presence of a default credential in the event_socket component, which could allow unauthorized access if the default credentials are not changed. The connec...
CVE-2015-7392
CVE-2015-7392 is a heap-based overflow in FreeSWITCH’s JSON parser. The flaw lives in the parse_string function of esl_json.c and is exploitable via a crafted JSON string to cJSON_Parse, affecting FreeSWITCH < 1.4.23 and
CVE-2023-51443
CVE-2023-51443 affects FreeSWITCH versions before 1.10.11. A race condition in the DTLS-SRTP handshake (DTLS ClientHello with invalid CipherSuite) can trigger a DTLS error, tearing down media and cascading to SIP signaling, causing DoS for new DTLS-SRTP calls. The documented fix is upgrading to F...
CVE-2018-19911
FreeSWITCH up to 1.8.2 with mod_xml_rpc enabled is vulnerable to remote command execution via the api/system and txtapi/system endpoints on TCP port 8080 (example: api/system?calc). The issue can also be exploited via CSRF, and in some cases the freeswitch account’s default password may be usable. Th...
CVE-2023-40018
CVE-2023-40018 concerns FreeSWITCH prior to 1.10.10, where remote attackers can trigger an out-of-bounds write by offering an ICE candidate with an unknown component ID. When an SDP is offered with such ICE candidates, FreeSWITCH may write past array bounds, potentially corrupting memory and caus...
CVE-2013-2238
CVE-2013-2238 affects FreeSWITCH 1.2.x. Multiple buffer overflows in the switch_perform_substitution logic of switch_regex.c can be triggered by crafted inputs, potentially causing a crash (DoS) and possibly enabling remote code execution. Affected product/component: FreeSWITCH 1.2.x (no...
CVE-2023-40019
CVE-2023-40019 (FreeSWITCH) affects versions prior to 1.10.10. During SDP re-negotiation, an authorized user can send a re-INVITE with duplicate codec names; the system may perform more codec matches than expected, causing overflows in internal arrays and potentially corrupting the stack, leading...
CVE-2026-49840
CVE-2026-49840 affects FreeSWITCH libesl before version 1.11.1. The flaw occurs in esl_recv_event(): Content-Length is parsed with atol() and the result is passed to malloc(len + 1) without sign or magnitude checks, allowing a pre-authentication, remote attacker to corrupt the heap or crash the p...
CVE-2026-49841
FreeSWITCH is affected by a pre-authentication heap overflow in the mod_verto HTTP POST body read. Before version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for application/x-www-form-urlencoded bodies but accepts Content-Length up to just under 10 MiB. The body-rea...
CVE-2026-45771
FreeSWITCH (before version 1.11.0) is vulnerable to a Denial-of-Service via its bundled XML parser, which expands nested declarations without a bound, allowing an unauthenticated attacker to drive unbounded CPU/memory usage by sending a crafted SIP PUBLISH PIDF body. The issue arises because the...
CVE-2026-49848
FreeSWITCH CVE-2026-49848: In mod_verto, the pre-authentication check_auth path writes request-supplied userVariables into the connection state before password comparison. Writes are append-only and the connection isn’t closed on a failed compare, so values from bad-password attempts persist on t...
CVE-2026-49847
CVE-2026-49847 affects FreeSWITCH prior to version 1.11.1, where a single unauthenticated WebSocket frame containing a deeply nested JSON document can trigger a stack overflow in the bundled cJSON parser. The recursion drives the worker thread’s stack into the guard page, causing a kernel SIGSEGV...
CVE-2026-49475
FreeSWITCH (core STUN attribute parsing) is affected. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to can cause an out-of-bounds read/write on the per-leg media buffer. The issue has been patched in version 1.11.0. The CVE’s...
CVE-2026-49843
FreeSWITCH vulnerability CVE-2026-49843 affects mod_verto before version 1.11.1. The JSON-RPC handler binds the client-supplied sessid on the first frame prior to authentication, inserting the connection into the global session hash and evicting any prior occupant on key collision (sending verto....
CVE-2026-49472
CVE-2026-49472 affects FreeSWITCH (pre-1.11.0). The issue is a vulnerable PREFIX(prologTok)() in libs/xmlrpc-c/lib/expat/xmltok/xmltok_impl.c, cloned from an outdated libexpat lacking a security patch. Root cause: missing patch in the referenced expat-derived code. Impact: potential network-expos...
CVE-2026-49842
CVE-2026-49842 - FreeSWITCH mod_verto pre-auth bandwidth amplification: Before v1.11.1, FreeSWITCH’s mod_verto WebSocket frame loop processed a #-prefixed speed-test protocol (#SPU/#SPB/#SPE) prior to authentication. The payload size in #SPU was parsed with atoi() and non-positive values were re...