Headline
CVE-2023-48221: Remote format string vulnerability
wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available.
Affected versions
<=9.2.22, <=9.3.5
Patched versions
9.2.22, 9.3.5
Description
Impact
A remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code.
Patches
- The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products.
Workarounds
- No workaround known
References
- Fixed in commit 364c332
For more information
If you have any questions or comments about this advisory feel free to email us at [email protected]