FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-09-15T19:32:19.207Z
Updated: 2024-08-02T18:24:54.689Z
Reserved: 2023-08-08T13:46:25.242Z
Link: CVE-2023-40018
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-15T20:15:09.447
Modified: 2023-09-21T15:05:34.567
Link: CVE-2023-40018
Redhat
No data.