Out-of-bounds write in freeswitch - CVE-2023-40018
Published: September 13, 2023 / Updated: May 15, 2026
freeswitch
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to out-of-bounds write in ICE candidate handling when processing an SDP offer containing an ICE candidate with an unknown component ID. A remote attacker can send a specially crafted SDP offer to cause a denial of service.
The issue can corrupt memory and lead to undefined behavior.