Headline
CVE-2021-41193: Build software better, together
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.
Remote format string vulnerability
Affected versions
<7.1.12
Description
Impact
A remote format string vulnerability allowed an attacker to cause a denial of service or possibly execute arbitrary code.
Patches
- The issue has been fixed in wire-avs 7.1.12 and is already included on all Wire products (currently used version is 8.0.x)
Workarounds
- No workaround known
References
- Fixed in commit 40d373e
For more information
If you have any questions or comments about this advisory feel free to email us at [email protected]
CVE ID
CVE-2021-41193
GHSA ID
GHSA-2j6v-xpf3-xvrv
CWEs