CVE-2023-40019 - OpenCVE

Vendors	Products
Freeswitch	Freeswitch

Link	Resource
https://github.com/signalwire/freeswitch/releases/tag/v1.10.10	Release Notes
https://github.com/signalwire/freeswitch/security/advisories/GHSA-gjj5-79p2-9g3q	Exploit Vendor Advisory

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-40019", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-08T13:46:25.242Z", "datePublished": "2023-09-15T19:34:32.429Z", "dateUpdated": "2023-09-15T19:34:32.429Z"}, "containers": {"cna": {"title": "FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-gjj5-79p2-9g3q", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-gjj5-79p2-9g3q"}, {"name": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.10", "tags": ["x_refsource_MISC"], "url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.10"}], "affected": [{"vendor": "signalwire", "product": "freeswitch", "versions": [{"version": "< 1.10.10", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-09-15T19:34:32.429Z"}, "descriptions": [{"lang": "en", "value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call in FreeSWITCH completes codec negotiation, the `codec_string` channel variable is set with the result of the negotiation. On a subsequent re-negotiation, if an SDP is offered that contains codecs with the same names but with different formats, there may be too many codec matches detected by FreeSWITCH leading to overflows of its internal arrays. By abusing this vulnerability, an attacker is able to corrupt stack of FreeSWITCH leading to an undefined behavior of the system or simply crash it. Version 1.10.10 contains a patch for this issue."}], "source": {"advisory": "GHSA-gjj5-79p2-9g3q", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FBCE979-CA36-45E2-B9DE-11B260D2AB19", "versionEndExcluding": "1.10.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call in FreeSWITCH completes codec negotiation, the `codec_string` channel variable is set with the result of the negotiation. On a subsequent re-negotiation, if an SDP is offered that contains codecs with the same names but with different formats, there may be too many codec matches detected by FreeSWITCH leading to overflows of its internal arrays. By abusing this vulnerability, an attacker is able to corrupt stack of FreeSWITCH leading to an undefined behavior of the system or simply crash it. Version 1.10.10 contains a patch for this issue."}, {"lang": "es", "value": "FreeSWITCH es una pila de telecomunicaciones definida por software que permite la transformaci\u00f3n digital de switches de telecomunicaciones propietarios a una implementaci\u00f3n de software que se ejecuta en cualquier hardware b\u00e1sico. Antes de la versi\u00f3n 1.10.10, FreeSWITCH permit\u00eda a los usuarios autorizados provocar un ataque de denegaci\u00f3n de servicio enviando un nuevo INVITE con SDP que conten\u00eda nombres de c\u00f3dec duplicados. Cuando una llamada en FreeSWITCH completa la negociaci\u00f3n del c\u00f3dec, la variable de canal `codec_string` se configura con el resultado de la negociaci\u00f3n. En una renegociaci\u00f3n posterior, si se ofrece un SDP que contiene c\u00f3decs con los mismos nombres pero con diferentes formatos, es posible que FreeSWITCH detecte demasiadas coincidencias de c\u00f3decs, lo que provocar\u00e1 desbordamientos de sus matrices internas. Al abusar de esta vulnerabilidad, un atacante puede corromper la pila de FreeSWITCH, lo que provoca un comportamiento indefinido del sistema o simplemente bloquearlo. La versi\u00f3n 1.10.10 contiene un parche para este problema."}], "id": "CVE-2023-40019", "lastModified": "2023-09-21T18:04:04.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-09-15T20:15:09.637", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.10"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-gjj5-79p2-9g3q"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

JSON object

JSON object

JSON object