CVE-2021-41193

Опубликовано: 01 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.

Ссылки

https://github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90bbe
Patch
Third Party Advisory
https://github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrv
Patch
Third Party Advisory
https://github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90bbe
Patch
Third Party Advisory
https://github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrv
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wire:wire-audio_video_signaling:*:*:*:*:*:*:*:*

Версия до 7.1.12 (исключая)

EPSS

Процентиль: 78%

0.01144

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-134

Связанные уязвимости

GHSA-2j6v-xpf3-xvrv