Skip to content

Use of Externally-Controlled Format String in wire-avs

High severity GitHub Reviewed Published Mar 1, 2022 in wireapp/wire-avs • Updated Feb 3, 2023

Package

maven com.wire:avs (Maven)

Affected versions

< 7.1.12

Patched versions

7.1.12

Description

Impact

A remote format string vulnerability allowed an attacker to cause a denial of service or possibly execute arbitrary code.

Patches

  • The issue has been fixed in wire-avs 7.1.12 and is already included on all Wire products (currently used version is 8.0.x)

Workarounds

  • No workaround known

References

For more information

If you have any questions or comments about this advisory feel free to email us at vulnerability-report@wire.com

References

@comawill comawill published to wireapp/wire-avs Mar 1, 2022
Published to the GitHub Advisory Database Mar 1, 2022
Reviewed Mar 1, 2022
Published by the National Vulnerability Database Mar 1, 2022
Last updated Feb 3, 2023

Severity

High

EPSS score

0.639%
(79th percentile)

Weaknesses

CVE ID

CVE-2021-41193

GHSA ID

GHSA-2j6v-xpf3-xvrv

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.