← Volver a CVEs

CVE-2020-27853

CRITICAL

9.8

Descripcion

Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado10/27/2020

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

wire:wirewire:wire_-_audio\,_video\,_and_signalingwire:wire_secure_messenger

Debilidades (CWE)

CWE-134

Referencias

http://github.security.telekom.com/2020/11/wire-secure-messenger-format-string-vulnerability.html(cve@mitre.org)

https://github.com/wireapp/wire-audio-video-signaling/issues/23#issuecomment-710075689(cve@mitre.org)

http://github.security.telekom.com/2020/11/wire-secure-messenger-format-string-vulnerability.html(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/wireapp/wire-audio-video-signaling/issues/23#issuecomment-710075689(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.