PT-2022-11373 · Wire-Avs · Wire-Avs

Published

2022-03-01

Updated

2022-03-09

CVE-2021-41193

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions wire-avs versions prior to 7.1.12

Description A remote format string vulnerability allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.

Recommendations For versions prior to 7.1.12, update to wire-avs 7.1.12 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable component until a patch is applied.

Fix

Use of Externally-Controlled Format String

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-134

Related Identifiers

CVE-2021-41193

GHSA-2J6V-XPF3-XVRV

Affected Products

Wire-Avs

PT-2022-11373 · Wire-Avs · Wire-Avs

CVE-2021-41193

Weakness Enumeration

Related Identifiers

Affected Products

References · 7