wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available.
References
| Link | Resource |
|---|---|
| https://github.com/wireapp/wire-avs/commit/364c3326a1331a84607bce2e17126306d39150cd | Patch |
| https://github.com/wireapp/wire-avs/security/advisories/GHSA-m4xg-fcr3-w3pq | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Nov 2023, 20:51
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| References | () https://github.com/wireapp/wire-avs/security/advisories/GHSA-m4xg-fcr3-w3pq - Patch, Vendor Advisory | |
| References | () https://github.com/wireapp/wire-avs/commit/364c3326a1331a84607bce2e17126306d39150cd - Patch | |
| CPE | cpe:2.3:a:wire:audio\,_video\,_and_signaling:*:*:*:*:*:*:*:* | |
| First Time |
Wire audio\, Video\, And Signaling
Wire |
20 Nov 2023, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-20 18:15
Updated : 2023-12-10 15:26
NVD link : CVE-2023-48221
Mitre link : CVE-2023-48221
CVE.ORG link : CVE-2023-48221
JSON object : View
Products Affected
wire
- audio\,_video\,_and_signaling
CWE
CWE-134
Use of Externally-Controlled Format String