Freeswitch
CVE-2013-2238
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:P/I:P/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:P/I:P/A:P
Lifecycle Timeline
1DescriptionCVE.org
Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables.
AnalysisAI
Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables. Affected products include: Freeswitch.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.
More in Freeswitch
View allFreeSWITCH 1.6.10 through 1.10.1 has a default password in event_socket.conf.xml. Rated critical severity (CVSS 9.8), th
Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to
An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may all
FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to
Heap buffer overflow in FreeSWITCH mod_verto prior to version 1.11.1 allows remote unauthenticated attackers to corrupt
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today