What is CVE-2021-32666?

CVE-2021-32666 is a medium-severity vulnerability in Wireapp Wire-ios, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2021-06-03.

How severe is CVE-2021-32666?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Improper input validation in Wireapp Wire-ios

CVE-2021-32666

wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile pic…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (54.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Wireapp Wire-ios — versions <= 3.8.0

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

github.com/wireapp/wire-ios/security/advisories/GHSA-2x9x-vh27-h4rv (x_refsource_CONFIRM)
github.com/wireapp/wire-ios-data-model/commit/35af3f632085f51a2ce7f608fdaeffd1a… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32666?: CVE-2021-32666 is a medium-severity vulnerability in Wireapp Wire-ios, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2021-06-03.
How severe is CVE-2021-32666?: Medium severity. CVSS v3 base score is 6.5 out of 10.