FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the result straight to malloc(len + 1) with no sign or magnitude check. A malicious or man-in-the-middle ESL peer can send a frame with a negative Content-Length to corrupt the heap of, or crash, any process linked against libesl, before the client has authenticated to that peer. This issue has been patched in version 1.11.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HFreeswitch
APPFreeswitch< 1.11.1
Related vulnerabilities
FreeSWITCH mod_verto: heap buffer overflow przed autoryzacją HTTP
FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom sw...
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom sw...
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom sw...