CVE-2023-40019

Name of the Vulnerable Software and Affected Versions FreeSWITCH versions prior to 1.10.10

Description The issue allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call completes codec negotiation, the codec string channel variable is set with the result of the negotiation. On a subsequent re-negotiation, if an SDP is offered that contains codecs with the same names but with different formats, there may be too many codec matches detected by FreeSWITCH leading to overflows of its internal arrays. By abusing this vulnerability, an attacker is able to corrupt the stack of FreeSWITCH leading to an undefined behavior of the system or simply crash it.

Recommendations For versions prior to 1.10.10, update to version 1.10.10 to resolve the issue. As a temporary workaround, consider restricting the use of re-INVITE with SDP containing duplicate codec names to minimize the risk of exploitation.