HIGH🇬🇧 English

CVE-2026-49842

CVSS 7.5v3.1pub. 2026-06-09upd. 2026-06-10

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's WebSocket frame loop intercepts a #-prefixed speed-test protocol (#SPU / #SPB / #SPE) before any authentication check. The declared payload size in #SPU was parsed with atoi() and only rejected non-positive values, so an unauthenticated peer could request up to INT_MAX bytes. The server then wrote roughly size * 10 bytes back during the download phase, on the order of 20 GB per request, yielding strong outbound bandwidth amplification from a short request. This issue has been patched in version 1.11.1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Freeswitch

    APP
    Freeswitch
    < 1.11.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-49841CRITICAL9.8PL ✓ten sam produkt

FreeSWITCH mod_verto: heap buffer overflow przed autoryzacją HTTP

CVE-2026-49840CRITICAL9.1PL ✓ten sam produkt

FreeSWITCH libesl: heap buffer overflow przez ujemny Content-Length w ESL

CVE-2019-19492CRITICAL9.8ten sam produkt

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

CVE-2026-45771HIGH7.5ten sam produkt

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom sw...

CVE-2026-49475HIGH7.5ten sam produkt

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom sw...