Buffer overflow in Freeswitch

CVE-2013-2238

Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and…

Vulnerability class: Buffer Overflow

EPSS: 0.024 (85.3th percentile) — read the EPSS interpretation.

Affected products

Freeswitch — versions 1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
[oss-security] 20130703 Re: CVE request: FreeSWITCH regex substitution 3 buffer overflows (mailing-list, x_refsource_MLIST, Patch)