Vulnerability Description
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wire | Wire-Audio Video Signaling | < 7.1.12 |
Related Weaknesses (CWE)
References
- https://github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90PatchThird Party Advisory
- https://github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrvPatchThird Party Advisory
- https://github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90PatchThird Party Advisory
- https://github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrvPatchThird Party Advisory
FAQ
What is CVE-2021-41193?
CVE-2021-41193 is a vulnerability with a CVSS score of 9.8 (CRITICAL). wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of servi...
How severe is CVE-2021-41193?
CVE-2021-41193 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-41193?
Check the references section above for vendor advisories and patch information. Affected products include: Wire Wire-Audio Video Signaling.