Resource exhaustion in freeswitch - CVE-2021-41145

 

Resource exhaustion in freeswitch - CVE-2021-41145

Published: October 25, 2021 / Updated: May 15, 2026


Vulnerability identifier: #VU131569
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-41145
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: www.freeswitch.org
Affected software:
freeswitch

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in the SIP message handling functionality when processing flooded SIP messages. A remote attacker can send a flood of SIP messages to cause a denial of service.

The issue can be triggered without authentication over UDP, TCP, or TLS, and may result in the process being killed by the operating system due to memory exhaustion.


How to mitigate CVE-2021-41145

Install security update from vendor's website.

Sources