CVE-2023-48221

Summary

wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available.

Affected Software

VendorProductVersion RangeStatus
wireappwire-avs< 9.2.22affected
wireappwire-avs>= 9.3.0, < 9.3.5affected

Weaknesses

  • CWE-134: CWE-134: Use of Externally-Controlled Format String

ADP Enrichment

CVE Program Container

Additional References

References