Vulnerabilities in signalwire

17 results
| CVE | Severity | Title | EPSS |
| --- | --- | --- | --- |
| CVE-2021-37624 | HIGH | FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing | 3.5% |
| CVE-2021-41105 | HIGH | FreeSWITCH susceptible to Denial of Service via invalid SRTP packets | 2.4% |
| CVE-2021-41157 | MEDIUM | FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default | 1.7% |
| CVE-2021-41145 | HIGH | FreeSWITCH susceptible to Denial of Service via SIP flooding | 1.6% |
| CVE-2023-51443 | HIGH | FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation | 1.5% |
| CVE-2021-41158 | MEDIUM | FreeSWITCH vulnerable to SIP digest leak for configured gateways | 0.8% |
| CVE-2023-40019 | HIGH | FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names | 0.8% |
| CVE-2023-40018 | HIGH | FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID | 0.7% |
| CVE-2026-49842 | HIGH | FreeSWITCH: Pre-authentication bandwidth amplification via `mod_verto` speed-test frames | 0.4% |
| CVE-2026-49847 | HIGH | FreeSWITCH: Stack overflow in bundled cJSON parser via deeply nested JSON | 0.4% |
| CVE-2026-49841 | CRITICAL | FreeSWITCH: Pre-authentication heap buffer overflow in `mod_verto` HTTP POST body read | 0.4% |
| CVE-2026-45771 | HIGH | Freeswitch Denial-of-Service in SIP PUBLISH Requests via XML Entity Expansion | 0.3% |
| CVE-2026-49840 | CRITICAL | FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing | 0.3% |
| CVE-2026-49843 | MEDIUM | FreeSWITCH: Pre-authentication session eviction via attacker-chosen `sessid` in `mod_verto` | 0.3% |
| CVE-2026-49475 | HIGH | FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing | 0.3% |
| CVE-2026-49472 | MEDIUM | FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat | 0.2% |
| CVE-2026-49848 | MEDIUM | FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto` | 0.2% |