Improper Check or Handling of Exceptional Conditions in freeswitch - CVE-2021-41105

 


Published: October 25, 2021 / Updated: May 15, 2026


Vulnerability identifier: #VU131566
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-41105
CWE-ID: CWE-703
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: www.freeswitch.org
Affected software: freeswitch

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper handling of SRTP error thresholds in switch_rtp.c when processing specially crafted SRTP packets. A remote attacker can flood a media port with invalid SRTP packets to cause a denial of service.

The issue can terminate ongoing SRTP calls and was reproduced with both SDES key exchange in SIP environments and DTLS key exchange in WebRTC environments.


How to mitigate CVE-2021-41105

Install the security update from the vendor's website.
