Improper Check or Handling of Exceptional Conditions in freeswitch - CVE-2021-41105
Published: October 25, 2021 / Updated: May 15, 2026
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper handling of SRTP error thresholds in switch_rtp.c when processing specially crafted SRTP packets. A remote attacker can flood a media port with invalid SRTP packets to cause a denial of service.
The issue can terminate ongoing SRTP calls and was reproduced with both SDES key exchange in SIP environments and DTLS key exchange in WebRTC environments.