CVE-2023-51443

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-51443
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-51443.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-51443
Aliases
  • GHSA-39gv-hq72-j6m6
Published
2023-12-27T17:15:08Z
Modified
2024-12-05T15:36:15.918388Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as TLS_NULL_WITH_NULL_NULL) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. The solution implemented is to drop all packets from addresses that have not been validated by an ICE check.

References

Affected packages

Alpine:v3.17 / freeswitch

Package

Name
freeswitch
Purl
pkg:apk/alpine/freeswitch?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.11-r0

Affected versions

1.*

1.0.3-r0
1.0.3-r1
1.0.4-r0
1.0.4-r1
1.0.4-r2
1.0.4-r3
1.0.6-r0
1.0.6-r1
1.0.6-r2
1.0.6-r3
1.0.6-r4
1.0.6-r5
1.0.6-r6
1.0.6-r7
1.0.6-r8
1.0.6-r9
1.0.6-r10
1.0.6-r11
1.0.6-r12
1.0.6-r13
1.0.6-r14
1.0.6-r15
1.0.6-r16
1.0.6-r17
1.0.7-r0
1.0.7-r1
1.0.7-r2
1.0.7_p20110323-r0
1.0.7_p20110323-r1
1.0.7_p20110527-r0
1.0.7_p20110602-r0
1.0.7_p20110602-r1
1.0.7_p20110602-r2
1.0.7_p20110602-r3
1.0.7_p20110602-r4
1.0.7_p20110602-r5
1.0.7_p20110602-r6
1.0.7_p20110602-r7
1.0.7_p20120309-r1
1.2.0-r0
1.2.0-r1
1.2.0-r2
1.2.0-r3
1.2.5.3-r0
1.2.5.3-r1
1.2.5.3-r2
1.2.5.3-r3
1.2.10-r0
1.4.0-r0
1.4.0-r1
1.4.0-r2
1.4.6-r0
1.4.6-r1
1.4.7-r0
1.4.7-r1
1.4.13-r0
1.4.18-r0
1.4.18-r1
1.4.18-r2
1.4.18-r3
1.4.18-r4
1.4.18-r5
1.4.18-r6
1.4.19-r0
1.4.19-r1
1.4.19-r2
1.4.20-r0
1.4.20-r1
1.4.20-r2
1.4.20-r3
1.4.20-r4
1.4.20-r5
1.6.2-r0
1.6.2-r1
1.6.2-r2
1.6.2-r3
1.6.2-r4
1.6.2-r5
1.6.6-r0
1.6.6-r1
1.6.6-r2
1.6.7-r0
1.6.7-r1
1.6.7-r2
1.6.9-r0
1.6.11-r0
1.6.13-r0
1.6.15-r0
1.6.17-r0
1.6.19-r0
1.6.19-r1
1.6.20-r0
1.8.2-r0
1.8.2-r1
1.8.5-r0
1.8.5-r1
1.8.7-r0
1.8.7-r1
1.10.2-r0
1.10.2-r1
1.10.3-r0
1.10.3-r1
1.10.3-r2
1.10.3-r3
1.10.5-r0
1.10.5-r1
1.10.5-r2
1.10.6-r0
1.10.6-r1
1.10.6-r2
1.10.7-r0
1.10.7-r1
1.10.7-r2
1.10.7-r3
1.10.7-r4
1.10.7-r5
1.10.8-r0
1.10.10-r0

Alpine:v3.18 / freeswitch

Package

Name
freeswitch
Purl
pkg:apk/alpine/freeswitch?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.11-r0

Affected versions

1.*

1.0.3-r0
1.0.3-r1
1.0.4-r0
1.0.4-r1
1.0.4-r2
1.0.4-r3
1.0.6-r0
1.0.6-r1
1.0.6-r2
1.0.6-r3
1.0.6-r4
1.0.6-r5
1.0.6-r6
1.0.6-r7
1.0.6-r8
1.0.6-r9
1.0.6-r10
1.0.6-r11
1.0.6-r12
1.0.6-r13
1.0.6-r14
1.0.6-r15
1.0.6-r16
1.0.6-r17
1.0.7-r0
1.0.7-r1
1.0.7-r2
1.0.7_p20110323-r0
1.0.7_p20110323-r1
1.0.7_p20110527-r0
1.0.7_p20110602-r0
1.0.7_p20110602-r1
1.0.7_p20110602-r2
1.0.7_p20110602-r3
1.0.7_p20110602-r4
1.0.7_p20110602-r5
1.0.7_p20110602-r6
1.0.7_p20110602-r7
1.0.7_p20120309-r1
1.2.0-r0
1.2.0-r1
1.2.0-r2
1.2.0-r3
1.2.5.3-r0
1.2.5.3-r1
1.2.5.3-r2
1.2.5.3-r3
1.2.10-r0
1.4.0-r0
1.4.0-r1
1.4.0-r2
1.4.6-r0
1.4.6-r1
1.4.7-r0
1.4.7-r1
1.4.13-r0
1.4.18-r0
1.4.18-r1
1.4.18-r2
1.4.18-r3
1.4.18-r4
1.4.18-r5
1.4.18-r6
1.4.19-r0
1.4.19-r1
1.4.19-r2
1.4.20-r0
1.4.20-r1
1.4.20-r2
1.4.20-r3
1.4.20-r4
1.4.20-r5
1.6.2-r0
1.6.2-r1
1.6.2-r2
1.6.2-r3
1.6.2-r4
1.6.2-r5
1.6.6-r0
1.6.6-r1
1.6.6-r2
1.6.7-r0
1.6.7-r1
1.6.7-r2
1.6.9-r0
1.6.11-r0
1.6.13-r0
1.6.15-r0
1.6.17-r0
1.6.19-r0
1.6.19-r1
1.6.20-r0
1.8.2-r0
1.8.2-r1
1.8.5-r0
1.8.5-r1
1.8.7-r0
1.8.7-r1
1.10.2-r0
1.10.2-r1
1.10.3-r0
1.10.3-r1
1.10.3-r2
1.10.3-r3
1.10.5-r0
1.10.5-r1
1.10.5-r2
1.10.6-r0
1.10.6-r1
1.10.6-r2
1.10.7-r0
1.10.7-r1
1.10.7-r2
1.10.7-r3
1.10.7-r4
1.10.7-r5
1.10.8-r0
1.10.8-r1
1.10.8-r2
1.10.8-r3
1.10.8-r4
1.10.8-r5
1.10.9-r0
1.10.9-r1
1.10.9-r2
1.10.10-r0

Alpine:v3.19 / freeswitch

Package

Name
freeswitch
Purl
pkg:apk/alpine/freeswitch?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.11-r0

Affected versions

1.*

1.0.3-r0
1.0.3-r1
1.0.4-r0
1.0.4-r1
1.0.4-r2
1.0.4-r3
1.0.6-r0
1.0.6-r1
1.0.6-r2
1.0.6-r3
1.0.6-r4
1.0.6-r5
1.0.6-r6
1.0.6-r7
1.0.6-r8
1.0.6-r9
1.0.6-r10
1.0.6-r11
1.0.6-r12
1.0.6-r13
1.0.6-r14
1.0.6-r15
1.0.6-r16
1.0.6-r17
1.0.7-r0
1.0.7-r1
1.0.7-r2
1.0.7_p20110323-r0
1.0.7_p20110323-r1
1.0.7_p20110527-r0
1.0.7_p20110602-r0
1.0.7_p20110602-r1
1.0.7_p20110602-r2
1.0.7_p20110602-r3
1.0.7_p20110602-r4
1.0.7_p20110602-r5
1.0.7_p20110602-r6
1.0.7_p20110602-r7
1.0.7_p20120309-r1
1.2.0-r0
1.2.0-r1
1.2.0-r2
1.2.0-r3
1.2.5.3-r0
1.2.5.3-r1
1.2.5.3-r2
1.2.5.3-r3
1.2.10-r0
1.4.0-r0
1.4.0-r1
1.4.0-r2
1.4.6-r0
1.4.6-r1
1.4.7-r0
1.4.7-r1
1.4.13-r0
1.4.18-r0
1.4.18-r1
1.4.18-r2
1.4.18-r3
1.4.18-r4
1.4.18-r5
1.4.18-r6
1.4.19-r0
1.4.19-r1
1.4.19-r2
1.4.20-r0
1.4.20-r1
1.4.20-r2
1.4.20-r3
1.4.20-r4
1.4.20-r5
1.6.2-r0
1.6.2-r1
1.6.2-r2
1.6.2-r3
1.6.2-r4
1.6.2-r5
1.6.6-r0
1.6.6-r1
1.6.6-r2
1.6.7-r0
1.6.7-r1
1.6.7-r2
1.6.9-r0
1.6.11-r0
1.6.13-r0
1.6.15-r0
1.6.17-r0
1.6.19-r0
1.6.19-r1
1.6.20-r0
1.8.2-r0
1.8.2-r1
1.8.5-r0
1.8.5-r1
1.8.7-r0
1.8.7-r1
1.10.2-r0
1.10.2-r1
1.10.3-r0
1.10.3-r1
1.10.3-r2
1.10.3-r3
1.10.5-r0
1.10.5-r1
1.10.5-r2
1.10.6-r0
1.10.6-r1
1.10.6-r2
1.10.7-r0
1.10.7-r1
1.10.7-r2
1.10.7-r3
1.10.7-r4
1.10.7-r5
1.10.8-r0
1.10.8-r1
1.10.8-r2
1.10.8-r3
1.10.8-r4
1.10.8-r5
1.10.9-r0
1.10.9-r1
1.10.9-r2
1.10.9-r3
1.10.9-r4
1.10.9-r5
1.10.10-r0

Alpine:v3.20 / freeswitch

Package

Name
freeswitch
Purl
pkg:apk/alpine/freeswitch?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.11-r0

Affected versions

1.*

1.0.3-r0
1.0.3-r1
1.0.4-r0
1.0.4-r1
1.0.4-r2
1.0.4-r3
1.0.6-r0
1.0.6-r1
1.0.6-r2
1.0.6-r3
1.0.6-r4
1.0.6-r5
1.0.6-r6
1.0.6-r7
1.0.6-r8
1.0.6-r9
1.0.6-r10
1.0.6-r11
1.0.6-r12
1.0.6-r13
1.0.6-r14
1.0.6-r15
1.0.6-r16
1.0.6-r17
1.0.7-r0
1.0.7-r1
1.0.7-r2
1.0.7_p20110323-r0
1.0.7_p20110323-r1
1.0.7_p20110527-r0
1.0.7_p20110602-r0
1.0.7_p20110602-r1
1.0.7_p20110602-r2
1.0.7_p20110602-r3
1.0.7_p20110602-r4
1.0.7_p20110602-r5
1.0.7_p20110602-r6
1.0.7_p20110602-r7
1.0.7_p20120309-r1
1.2.0-r0
1.2.0-r1
1.2.0-r2
1.2.0-r3
1.2.5.3-r0
1.2.5.3-r1
1.2.5.3-r2
1.2.5.3-r3
1.2.10-r0
1.4.0-r0
1.4.0-r1
1.4.0-r2
1.4.6-r0
1.4.6-r1
1.4.7-r0
1.4.7-r1
1.4.13-r0
1.4.18-r0
1.4.18-r1
1.4.18-r2
1.4.18-r3
1.4.18-r4
1.4.18-r5
1.4.18-r6
1.4.19-r0
1.4.19-r1
1.4.19-r2
1.4.20-r0
1.4.20-r1
1.4.20-r2
1.4.20-r3
1.4.20-r4
1.4.20-r5
1.6.2-r0
1.6.2-r1
1.6.2-r2
1.6.2-r3
1.6.2-r4
1.6.2-r5
1.6.6-r0
1.6.6-r1
1.6.6-r2
1.6.7-r0
1.6.7-r1
1.6.7-r2
1.6.9-r0
1.6.11-r0
1.6.13-r0
1.6.15-r0
1.6.17-r0
1.6.19-r0
1.6.19-r1
1.6.20-r0
1.8.2-r0
1.8.2-r1
1.8.5-r0
1.8.5-r1
1.8.7-r0
1.8.7-r1
1.10.2-r0
1.10.2-r1
1.10.3-r0
1.10.3-r1
1.10.3-r2
1.10.3-r3
1.10.5-r0
1.10.5-r1
1.10.5-r2
1.10.6-r0
1.10.6-r1
1.10.6-r2
1.10.7-r0
1.10.7-r1
1.10.7-r2
1.10.7-r3
1.10.7-r4
1.10.7-r5
1.10.8-r0
1.10.8-r1
1.10.8-r2
1.10.8-r3
1.10.8-r4
1.10.8-r5
1.10.9-r0
1.10.9-r1
1.10.9-r2
1.10.9-r3
1.10.9-r4
1.10.9-r5
1.10.10-r0
1.10.10-r1

Alpine:v3.21 / freeswitch

Package

Name
freeswitch
Purl
pkg:apk/alpine/freeswitch?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.11-r0

Affected versions

1.*

1.0.3-r0
1.0.3-r1
1.0.4-r0
1.0.4-r1
1.0.4-r2
1.0.4-r3
1.0.6-r0
1.0.6-r1
1.0.6-r2
1.0.6-r3
1.0.6-r4
1.0.6-r5
1.0.6-r6
1.0.6-r7
1.0.6-r8
1.0.6-r9
1.0.6-r10
1.0.6-r11
1.0.6-r12
1.0.6-r13
1.0.6-r14
1.0.6-r15
1.0.6-r16
1.0.6-r17
1.0.7-r0
1.0.7-r1
1.0.7-r2
1.0.7_p20110323-r0
1.0.7_p20110323-r1
1.0.7_p20110527-r0
1.0.7_p20110602-r0
1.0.7_p20110602-r1
1.0.7_p20110602-r2
1.0.7_p20110602-r3
1.0.7_p20110602-r4
1.0.7_p20110602-r5
1.0.7_p20110602-r6
1.0.7_p20110602-r7
1.0.7_p20120309-r1
1.2.0-r0
1.2.0-r1
1.2.0-r2
1.2.0-r3
1.2.5.3-r0
1.2.5.3-r1
1.2.5.3-r2
1.2.5.3-r3
1.2.10-r0
1.4.0-r0
1.4.0-r1
1.4.0-r2
1.4.6-r0
1.4.6-r1
1.4.7-r0
1.4.7-r1
1.4.13-r0
1.4.18-r0
1.4.18-r1
1.4.18-r2
1.4.18-r3
1.4.18-r4
1.4.18-r5
1.4.18-r6
1.4.19-r0
1.4.19-r1
1.4.19-r2
1.4.20-r0
1.4.20-r1
1.4.20-r2
1.4.20-r3
1.4.20-r4
1.4.20-r5
1.6.2-r0
1.6.2-r1
1.6.2-r2
1.6.2-r3
1.6.2-r4
1.6.2-r5
1.6.6-r0
1.6.6-r1
1.6.6-r2
1.6.7-r0
1.6.7-r1
1.6.7-r2
1.6.9-r0
1.6.11-r0
1.6.13-r0
1.6.15-r0
1.6.17-r0
1.6.19-r0
1.6.19-r1
1.6.20-r0
1.8.2-r0
1.8.2-r1
1.8.5-r0
1.8.5-r1
1.8.7-r0
1.8.7-r1
1.10.2-r0
1.10.2-r1
1.10.3-r0
1.10.3-r1
1.10.3-r2
1.10.3-r3
1.10.5-r0
1.10.5-r1
1.10.5-r2
1.10.6-r0
1.10.6-r1
1.10.6-r2
1.10.7-r0
1.10.7-r1
1.10.7-r2
1.10.7-r3
1.10.7-r4
1.10.7-r5
1.10.8-r0
1.10.8-r1
1.10.8-r2
1.10.8-r3
1.10.8-r4
1.10.8-r5
1.10.9-r0
1.10.9-r1
1.10.9-r2
1.10.9-r3
1.10.9-r4
1.10.9-r5
1.10.10-r0
1.10.10-r1

Git / github.com/signalwire/freeswitch

Affected ranges

Type
GIT
Repo
https://github.com/signalwire/freeswitch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
86cbda90b84ba186e508fbc7bfae469270a97d11

Affected versions

Other

git2svn-syncpoint-master

v.*

v.1.3.12
v.15.9

v0.*

v0.0.1

v1.*

v1.0.5.14226d2
v1.0.5.597675e
v1.0.6
v1.2-rc1
v1.2-rc2
v1.3.0
v1.3.1
v1.3.10
v1.3.11
v1.3.12
v1.3.13
v1.3.14
v1.3.15
v1.3.16
v1.3.17-final
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.5.0
v1.5.1
v1.5.10
v1.5.12
v1.5.13
v1.5.14
v1.5.2
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.7
v1.5.8
v1.5.final
v1.6.0