PT-2021-21280 · Signalwire+1 · Freeswitch+1

Xiaobaozidi

Published

2021-04-13

Updated

2023-10-08

CVE-2021-36513

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SignalWire freeswitch versions prior to 1.10.6

Description An issue was discovered in the function sofia handle sip i notify in sofia.c, which may allow attackers to view sensitive information due to an uninitialized value.

Recommendations For versions prior to 1.10.6, update to version 1.10.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the sofia handle sip i notify function until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-909

Related Identifiers

ALT-PU-2021-1643

ALT-PU-2021-1703

ALT-PU-2021-3374

ALT-PU-2021-3448

ALT-PU-2023-5726

CVE-2021-36513

Affected Products

Alt Linux

Freeswitch

PT-2021-21280 · Signalwire+1 · Freeswitch+1

CVE-2021-36513

Weakness Enumeration

Related Identifiers

Affected Products

References · 6