Improper Handling of Exceptional Conditions in wire-ios

#VU61378 Improper Handling of Exceptional Conditions in wire-ios

Published: 2022-03-15

Vulnerability identifier: #VU61378

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23625

CWE-ID: CWE-755

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
wire-ios
Web applications / Modules and components for CMS

Vendor: Wire Swiss GmbH

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper sanitization of malformed resource identifiers. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

wire-ios: 3.0 - 3.94

External links
http://github.com/wireapp/wire-ios-transport/commit/02e90aa45edaf7eb2d8b97fa2377cd8104274170
http://github.com/wireapp/wire-ios-transport/security/advisories/GHSA-3xvh-x964-572h
http://github.com/wireapp/wire-ios/security/advisories/GHSA-rq36-8qfp-79mc

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Wire-ios