Description
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.
Remediation
References
https://github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90bbe
https://github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrv
Related Vulnerabilities
CVE-2022-21803 Vulnerability in npm package nconf
CVE-2020-7663 Vulnerability in npm package websocket-extensions
CVE-2023-45279 Vulnerability in maven package org.yamcs:yamcs-core
CVE-2023-27296 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2021-23384 Vulnerability in npm package koa-remove-trailing-slashes