GHSA-2j6v-xpf3-xvrv

Suggest an improvement
Source
https://github.com/advisories/GHSA-2j6v-xpf3-xvrv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-2j6v-xpf3-xvrv/GHSA-2j6v-xpf3-xvrv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2j6v-xpf3-xvrv
Aliases
Published
2022-03-01T18:58:23Z
Modified
2023-11-08T04:06:54.468034Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Use of Externally-Controlled Format String in wire-avs
Details

Impact

A remote format string vulnerability allowed an attacker to cause a denial of service or possibly execute arbitrary code.

Patches

  • The issue has been fixed in wire-avs 7.1.12 and is already included on all Wire products (currently used version is 8.0.x)

Workarounds

  • No workaround known

References

  • Fixed in commit https://github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90bbe

For more information

If you have any questions or comments about this advisory feel free to email us at vulnerability-report@wire.com

References

Affected packages

Maven / com.wire:avs

Package

Name
com.wire:avs
View open source insights on deps.dev
Purl
pkg:maven/com.wire/avs

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.1.12