Stack-based buffer overflow in freeswitch - CVE-2023-40019
Published: September 13, 2023 / Updated: May 15, 2026
freeswitch
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a stack-based buffer overflow in the SDP negotiation logic when processing a re-INVITE with SDP containing duplicate codec names. A remote attacker can send a specially crafted re-INVITE to cause a denial of service.
The issue can be triggered during codec re-negotiation after a call has completed initial codec negotiation. The reproduced scenario requires the mod_av and mod_opus modules to be loaded.
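A defensive check for the condition described above, added here as an example (it is not code from this advisory or from the FreeSWITCH project): it scans an SDP body for codec names that appear more than once in a media section. The function name `duplicate_codec_names` and the sample SDP are constructed for illustration.

```python
import re

# Constructed sample: SDP body of a re-INVITE whose audio section maps the
# codec name "opus" to two payload types (names differ only in case).
SAMPLE_SDP = "\r\n".join([
    "v=0",
    "o=- 1 2 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 40000 RTP/AVP 96 97 0",
    "a=rtpmap:96 opus/48000/2",
    "a=rtpmap:97 OPUS/48000/2",
    "a=rtpmap:0 PCMU/8000",
    "m=video 40002 RTP/AVP 98",
    "a=rtpmap:98 H264/90000",
    "",
])

# a=rtpmap:<payload type> <encoding name>/<clock rate>[/<parameters>]
RTPMAP = re.compile(r"^a=rtpmap:(\d{1,3})\s+([^/\s]+)/(\d+)", re.IGNORECASE)


def duplicate_codec_names(sdp):
    """Return [(media type, codec name, [payload types])] for every codec
    name that occurs more than once within a single m= section."""
    findings = []
    media, names = None, {}

    def flush():
        # Report names collected for the section that just ended.
        for name, pts in names.items():
            if len(pts) > 1:
                findings.append((media, name, pts))

    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            flush()
            media, names = line[2:].split(" ", 1)[0], {}
        elif media is not None:
            m = RTPMAP.match(line)
            if m:
                # Encoding names are compared case-insensitively.
                names.setdefault(m.group(2).lower(), []).append(int(m.group(1)))
    flush()
    return findings
```

Some duplicates are legitimate (for example `telephone-event` offered at several clock rates), so treat a hit as a signal for review or rate limiting on mid-dialog re-INVITEs rather than as proof of abuse.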