CVE-2023-40018 - OpenCVE

Vendors	Products
Freeswitch	Freeswitch

Link	Providers
https://github.com/signalwire/freeswitch/releases/tag/v1.10.10
https://github.com/signalwire/freeswitch/security/advisories/GHSA-7mwp-86fv-hcg3

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40018", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-08T13:46:25.242Z", "datePublished": "2023-09-15T19:32:19.207Z", "dateUpdated": "2024-08-02T18:24:54.689Z"}, "containers": {"cna": {"title": "FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID", "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "lang": "en", "description": "CWE-787: Out-of-bounds Write", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-7mwp-86fv-hcg3", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-7mwp-86fv-hcg3"}, {"name": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.10", "tags": ["x_refsource_MISC"], "url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.10"}], "affected": [{"vendor": "signalwire", "product": "freeswitch", "versions": [{"version": "< 1.10.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-15T19:32:19.207Z"}, "descriptions": [{"lang": "en", "value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue."}], "source": {"advisory": "GHSA-7mwp-86fv-hcg3", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:24:54.689Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-7mwp-86fv-hcg3", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-7mwp-86fv-hcg3"}, {"name": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.10", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.10"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FBCE979-CA36-45E2-B9DE-11B260D2AB19", "versionEndExcluding": "1.10.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue."}, {"lang": "es", "value": "FreeSWITCH es una pila de telecomunicaciones definida por software que permite la transformaci\u00f3n digital de switches de telecomunicaciones propietarios a una implementaci\u00f3n de software que se ejecuta en cualquier hardware b\u00e1sico. Antes de la versi\u00f3n 1.10.10, FreeSWITCH permit\u00eda a los usuarios remotos activar escritura fuera de l\u00edmites ofreciendo un candidato ICE con un ID de componente desconocido. Cuando se ofrece un SDP con candidatos ICE con un ID de componente desconocido, FreeSWITCH realizar\u00e1 una escritura fuera de l\u00edmites en sus matrices. Al abusar de esta vulnerabilidad, un atacante puede corromper la memoria de FreeSWITCH, lo que provoca un comportamiento indefinido del sistema o un bloqueo del mismo. La versi\u00f3n 1.10.10 contiene un parche para este problema."}], "id": "CVE-2023-40018", "lastModified": "2023-09-21T15:05:34.567", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-09-15T20:15:09.447", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.10"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-7mwp-86fv-hcg3"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object