CVE-2023-48221
7.3
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H
Summary
wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| wireapp | wire-avs | < 9.2.22 | affected |
| wireapp | wire-avs | >= 9.3.0, < 9.3.5 | affected |
Weaknesses
- CWE-134: CWE-134: Use of Externally-Controlled Format String
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/wireapp/wire-avs/security/advisories/GHSA-m4xg-fcr3-w3pq
- https://github.com/wireapp/wire-avs/commit/364c3326a1331a84607bce2e17126306d39150cd
References
- https://github.com/wireapp/wire-avs/security/advisories/GHSA-m4xg-fcr3-w3pq
- https://github.com/wireapp/wire-avs/commit/364c3326a1331a84607bce2e17126306d39150cd
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.