First published: Tue Mar 01 2022(Updated: )
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wire Wire-audio Video Signaling | <7.1.12 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-41193 is a remote format string vulnerability in wire-avs, the audio visual signaling (AVS) component of Wire, an open-source messenger.
CVE-2021-41193 has a severity level of 9.8 (critical).
CVE-2021-41193 allows an attacker to cause a denial of service or possibly execute arbitrary code in Wire versions prior to 7.1.12.
To fix CVE-2021-41193, update wire-avs to version 7.1.12 or later.
You can find more information about CVE-2021-41193 in the following references: [GitHub Commit](https://github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90bbe), [GitHub Security Advisories](https://github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrv).