CVE-2024-24260

Name of the Vulnerable Software and Affected Versions media-server version 1.0.0

Description The issue is related to a Use-After-Free (UAF) vulnerability. This vulnerability occurs when the sip subscribe remove function is used. The UAF vulnerability is a type of memory corruption bug that can cause a program to access memory after it has been freed, potentially leading to crashes or code execution.

Recommendations For media-server version 1.0.0, as a temporary workaround, consider disabling the sip subscribe remove function until a patch is available. Restrict access to the /uac/sip-uac-subscribe.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.