CVE-2015-7392

FreeSWITCH < 1.4.23 and 1.6.x < 1.6.2 - Heap-Based Buffer Overflow in cJSON_Parse

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse.

References (3)

Core 3

Scores

EPSS 0.0467
EPSS Percentile 90.7%

Details

CWE
CWE-119
Status published
Products (2)
freeswitch/freeswitch 1.6.0
freeswitch/freeswitch < 1.4.21
Published Oct 05, 2015
Tracked Since Feb 18, 2026