CVE-2013-2238

FreeSWITCH 1.2 - Buffer Overflow in switch_perform_substitution

Title source: llm
STIX 2.1

Description

Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables.

References (2)

Core 2
Core References
Exploit, Patch x_refsource_confirm
http://jira.freeswitch.org/browse/FS-5566
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/07/04/4

Scores

EPSS 0.0271
EPSS Percentile 84.2%

Details

CWE
CWE-119
Status published
Products (1)
freeswitch/freeswitch 1.2
Published Sep 30, 2013
Tracked Since Feb 18, 2026