Описание
Use of Externally-Controlled Format String in wire-avs
Impact
A remote format string vulnerability allowed an attacker to cause a denial of service or possibly execute arbitrary code.
Patches
- The issue has been fixed in wire-avs 7.1.12 and is already included on all Wire products (currently used version is 8.0.x)
Workarounds
- No workaround known
References
For more information
If you have any questions or comments about this advisory feel free to email us at vulnerability-report@wire.com
Пакеты
Наименование
com.wire:avs
maven
Затронутые версииВерсия исправления
< 7.1.12
7.1.12
Связанные уязвимости
CVSS3: 9.8
nvd
почти 4 года назад
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.