GHSA-2j6v-xpf3-xvrv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2j6v-xpf3-xvrv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-2j6v-xpf3-xvrv/GHSA-2j6v-xpf3-xvrv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2j6v-xpf3-xvrv
- Aliases
- Published
- 2022-03-01T18:58:23Z
- Modified
- 2023-11-08T04:06:54.468034Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Use of Externally-Controlled Format String in wire-avs
- Details
-
Impact
A remote format string vulnerability allowed an attacker to cause a denial of service or possibly execute arbitrary code.
Patches
- The issue has been fixed in wire-avs 7.1.12 and is already included on all Wire products (currently used version is 8.0.x)
Workarounds
- No workaround known
References
- Fixed in commit https://github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90bbe
For more information
If you have any questions or comments about this advisory feel free to email us at vulnerability-report@wire.com
- Database specific
{ "nvd_published_at": "2022-03-01T19:15:00Z", "cwe_ids": [ "CWE-134" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-03-01T18:58:23Z" }- References
Affected packages
Maven / com.wire:avs
Package
- Name
- com.wire:avs
- View open source insights on deps.dev
- Purl
- pkg:maven/com.wire/avs