HIGH🇬🇧 English

CVE-2026-49475

CVSS 7.5v3.1pub. 2026-06-09upd. 2026-06-10

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Freeswitch

    APP
    Freeswitch
    < 1.11.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2026-49840CRITICAL9.1PL ✓ten sam produkt

FreeSWITCH libesl: heap buffer overflow przez ujemny Content-Length w ESL

CVE-2026-49841CRITICAL9.8PL ✓ten sam produkt

FreeSWITCH mod_verto: heap buffer overflow przed autoryzacją HTTP

CVE-2019-19492CRITICAL9.8ten sam produkt

FreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml.

CVE-2026-45771HIGH7.5ten sam produkt

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom sw...

CVE-2026-49842HIGH7.5ten sam produkt

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom sw...