First published: Tue Oct 27 2020
Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wire Wire | <3.21.2936 | |
Wire Wire | <3.21.3932 | |
Wire Wire | <3.21.3959 | |
Wire Wire - Audio, Video, And Signaling | >=5.3 <6.4 | |
Wire Wire Secure Messenger | <3.49.918 | |
Wire Wire Secure Messenger | <3.61 | |
CVE-2020-27853 is a vulnerability that allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string.
Wire AVS (Audio, Video, and Signaling) versions 5.3 through 6.x before 6.4, Wire Secure Messenger application before 3.49.918 for Android, and Wire Secure Messenger application before 3.61 for iPhone OS are affected.
CVE-2020-27853 has a severity rating of 9.8 (critical).
CVE-2020-27853 can be exploited by remote attackers through a format string vulnerability.
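The bug class described above, as an added example that is not Wire's code: `set_lattr` and `copy_remote_attr` are hypothetical stand-ins, and the assumption is that the `value` parameter of the real function is interpreted as a printf-style format. It shows the unsafe call shape in a comment and the hardened form that copies a peer-supplied attribute value literally.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style attribute setter: `value` is a
 * format string. The attribute lets GCC/Clang check call sites
 * (-Wformat -Wformat-security flags a non-literal format with no args). */
__attribute__((format(printf, 4, 5)))
static int set_lattr(char *out, size_t outsz, const char *name,
                     const char *value, ...)
{
    char body[256];
    va_list ap;
    int n;

    va_start(ap, value);
    n = vsnprintf(body, sizeof body, value, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= sizeof body)
        return -1;                 /* formatting error or truncation */
    n = snprintf(out, outsz, "a=%s:%s", name, body);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Vulnerable pattern (shown only, never called): text taken from a peer's
 * SDP sits in the format position, so '%' directives in it are interpreted
 * against arguments that were never passed:
 *
 *     set_lattr(out, outsz, name, remote_value);
 */

/* Hardened pattern: constant format, untrusted text only as an argument. */
static int copy_remote_attr(char *out, size_t outsz, const char *name,
                            const char *remote_value)
{
    return set_lattr(out, outsz, name, "%s", remote_value);
}

int main(void)
{
    char out[300];
    const char *remote = "96 profile=%x%s";   /* constructed sample value */

    if (copy_remote_attr(out, sizeof out, "fmtp", remote) == 0)
        printf("%s\n", out);       /* directives are kept as plain text */
    return 0;
}
```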
Yes, you can find references for CVE-2020-27853 at the following links:
- [http://github.security.telekom.com/2020/11/wire-secure-messenger-format-string-vulnerability.html](http://github.security.telekom.com/2020/11/wire-secure-messenger-format-string-vulnerability.html)
- [https://github.com/wireapp/wire-audio-video-signaling/issues/23#issuecomment-710075689](https://github.com/wireapp/wire-audio-video-signaling/issues/23#issuecomment-710075689)