Send an e-mail to security@signalwire.com to report a vulnerability. If accepted, we'll create a security advisory and add you and your team as collaborators. Please allow our team sufficient time to resolve the vulnerability before disclosing it; we'll remain in contact about the fix and may ask for your assistance to verify it is resolved.
Security: signalwire/freeswitch
Security
SECURITY.md
-
FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiationGHSA-39gv-hq72-j6m6 published
Dec 23, 2023 by andywolkHigh -
FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component IDGHSA-7mwp-86fv-hcg3 published
Sep 13, 2023 by briankwestHigh -
FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec namesGHSA-gjj5-79p2-9g3q published
Sep 13, 2023 by briankwestHigh -
FreeSWITCH susceptible to Denial of Service via invalid SRTP packetsGHSA-jh42-prph-gp36 published
Oct 25, 2021 by andywolkHigh -
FreeSWITCH does not authenticate SIP SUBSCRIBE requests by defaultGHSA-g7xg-7c54-rmpj published
Oct 25, 2021 by andywolkModerate -
FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofingGHSA-mjcm-q9h8-9xv3 published
Oct 25, 2021 by andywolkHigh -
FreeSWITCH susceptible to Denial of Service via SIP floodingGHSA-jvpq-23v4-gp3m published
Oct 25, 2021 by andywolkHigh -
FreeSWITCH vulnerable to SIP digest leak for configured gatewaysGHSA-3v3f-99mv-qvj4 published
Oct 25, 2021 by andywolkModerate
Learn more about advisories related to signalwire/freeswitch in the GitHub Advisory Database