Remote format string vulnerability

High

sanojwr published GHSA-m4xg-fcr3-w3pq

Nov 20, 2023

Package

wire-avs (wire)

Affected versions

<=9.2.22, <=9.3.5

Patched versions

9.2.22, 9.3.5

Description

Impact

A remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code.

Patches

The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products.

Workarounds

No workaround known

References

Fixed in commit 364c332

For more information

If you have any questions or comments about this advisory feel free to email us at vulnerability-report@wire.com

Severity

High

7.3

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

High

Privileges required

High

User interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H