Vulnerabilities > CVE-2023-48221 - Use of Externally-Controlled Format String vulnerability in Wire Audio, Video, and Signaling

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wire

CWE-134

NVD

Published: 2023-11-20

Updated: 2023-11-29

Summary

wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available.

Vulnerable Configurations

Part	Description	Count
Application	Wire Wire Audio, Video, AND Signaling - Wire Audio, Video, AND Signaling 0.0.3 Wire Audio, Video, AND Signaling 0.0.5 Wire Audio, Video, AND Signaling 0.0.81 Wire Audio, Video, AND Signaling 0.0.82 Wire Audio, Video, AND Signaling 0.0.83 Wire Audio, Video, AND Signaling 0.0.4045 Wire Audio, Video, AND Signaling 0.0.4046 Wire Audio, Video, AND Signaling 0.0.4047 Wire Audio, Video, AND Signaling 0.0.4048 Wire Audio, Video, AND Signaling 0.0.4049 Wire Audio, Video, AND Signaling 0.0.4050 Wire Audio, Video, AND Signaling 0.0.4051 Wire Audio, Video, AND Signaling 0.0.4052 Wire Audio, Video, AND Signaling 0.0.4053 Wire Audio, Video, AND Signaling 0.0.4054 Wire Audio, Video, AND Signaling 0.0.4055 Wire Audio, Video, AND Signaling 0.0.4056 Wire Audio, Video, AND Signaling 0.0.4057 Wire Audio, Video, AND Signaling 0.0.4058 Wire Audio, Video, AND Signaling 0.0.4059 Wire Audio, Video, AND Signaling 0.0.4060 Wire Audio, Video, AND Signaling 0.0.4063 Wire Audio, Video, AND Signaling 0.0.4064 Wire Audio, Video, AND Signaling 0.0.4065 Wire Audio, Video, AND Signaling 0.0.4066 Wire Audio, Video, AND Signaling 0.0.4067 Wire Audio, Video, AND Signaling 0.0.4068 Wire Audio, Video, AND Signaling 0.0.4069 Wire Audio, Video, AND Signaling 0.0.4070 Wire Audio, Video, AND Signaling 0.0.4071 Wire Audio, Video, AND Signaling 0.0.4072 Wire Audio, Video, AND Signaling 0.0.4073 Wire Audio, Video, AND Signaling 0.0.4074 Wire Audio, Video, AND Signaling 0.0.4075 Wire Audio, Video, AND Signaling 0.0.4076 Wire Audio, Video, AND Signaling 0.0.4077 Wire Audio, Video, AND Signaling 0.0.4078 Wire Audio, Video, AND Signaling 0.0.4079 Wire Audio, Video, AND Signaling 0.0.4080 Wire Audio, Video, AND Signaling 0.0.4081 Wire Audio, Video, AND Signaling 0.0.4082 Wire Audio, Video, AND Signaling 0.0.4083 Wire Audio, Video, AND Signaling 0.0.4084 Wire Audio, Video, AND Signaling 0.0.4086 Wire Audio, Video, AND Signaling 0.0.4087 Wire Audio, Video, AND Signaling 0.0.4092 Wire Audio, Video, AND Signaling 0.0.4093 Wire Audio, Video, AND Signaling 0.0.4096 Wire Audio, Video, AND Signaling 0.0.4097 Wire Audio, Video, AND Signaling 0.0.4098 Wire Audio, Video, AND Signaling 0.0.4107 Wire Audio, Video, AND Signaling 0.0.4108 Wire Audio, Video, AND Signaling 0.0.4109 Wire Audio, Video, AND Signaling 0.0.4110 Wire Audio, Video, AND Signaling 0.0.4111 Wire Audio, Video, AND Signaling 0.0.4112 Wire Audio, Video, AND Signaling 0.0.4113 Wire Audio, Video, AND Signaling 0.0.4114 Wire Audio, Video, AND Signaling 0.0.4116 Wire Audio, Video, AND Signaling 0.0.4117 Wire Audio, Video, AND Signaling 0.0.4118 Wire Audio, Video, AND Signaling 0.0.4120 Wire Audio, Video, AND Signaling 0.0.4121 Wire Audio, Video, AND Signaling 0.0.4122 Wire Audio, Video, AND Signaling 0.0.4124 Wire Audio, Video, AND Signaling 0.0.4125 Wire Audio, Video, AND Signaling 0.0.4127 Wire Audio, Video, AND Signaling 0.0.4128 Wire Audio, Video, AND Signaling 0.0.4140 Wire Audio, Video, AND Signaling 0.0.4142 Wire Audio, Video, AND Signaling 0.0.4143 Wire Audio, Video, AND Signaling 0.0.4144 Wire Audio, Video, AND Signaling 0.0.4147 Wire Audio, Video, AND Signaling 0.0.4148 Wire Audio, Video, AND Signaling 0.0.4149 Wire Audio, Video, AND Signaling 0.0.4150 Wire Audio, Video, AND Signaling 0.0.4151 Wire Audio, Video, AND Signaling 0.0.4156 Wire Audio, Video, AND Signaling 0.0.4157 Wire Audio, Video, AND Signaling 0.0.4158 Wire Audio, Video, AND Signaling 0.0.4159 Wire Audio, Video, AND Signaling 0.0.4160 Wire Audio, Video, AND Signaling 0.0.4161 Wire Audio, Video, AND Signaling 0.0.4162 Wire Audio, Video, AND Signaling 0.0.4163 Wire Audio, Video, AND Signaling 0.0.4164 Wire Audio, Video, AND Signaling 0.0.4166 Wire Audio, Video, AND Signaling 0.0.4167 Wire Audio, Video, AND Signaling 0.0.4168 Wire Audio, Video, AND Signaling 0.0.4172 Wire Audio, Video, AND Signaling 0.0.4173 Wire Audio, Video, AND Signaling 0.0.4174 Wire Audio, Video, AND Signaling 0.0.4175 Wire Audio, Video, AND Signaling 0.0.4176 Wire Audio, Video, AND Signaling 0.0.4178 Wire Audio, Video, AND Signaling 0.0.4179 Wire Audio, Video, AND Signaling 0.0.4180 Wire Audio, Video, AND Signaling 0.0.4181 Wire Audio, Video, AND Signaling 0.0.4182 Wire Audio, Video, AND Signaling 0.0.4183 Wire Audio, Video, AND Signaling 0.0.4184 Wire Audio, Video, AND Signaling 0.0.4185 Wire Audio, Video, AND Signaling 0.0.4186 Wire Audio, Video, AND Signaling 0.0.4187 Wire Audio, Video, AND Signaling 0.0.4188 Wire Audio, Video, AND Signaling 0.0.4189 Wire Audio, Video, AND Signaling 0.0.4190 Wire Audio, Video, AND Signaling 0.0.4191 Wire Audio, Video, AND Signaling 0.0.4192 Wire Audio, Video, AND Signaling 0.0.4193 Wire Audio, Video, AND Signaling 0.0.4194 Wire Audio, Video, AND Signaling 0.0.4195 Wire Audio, Video, AND Signaling 0.0.4197 Wire Audio, Video, AND Signaling 0.0.4199 Wire Audio, Video, AND Signaling 0.0.4200 Wire Audio, Video, AND Signaling 0.0.4204 Wire Audio, Video, AND Signaling 0.0.4205 Wire Audio, Video, AND Signaling 0.0.4207 Wire Audio, Video, AND Signaling 0.0.4209 Wire Audio, Video, AND Signaling 0.0.4210 Wire Audio, Video, AND Signaling 0.0.4211 Wire Audio, Video, AND Signaling 0.0.4212 Wire Audio, Video, AND Signaling 0.0.4213 Wire Audio, Video, AND Signaling 0.0.4214 Wire Audio, Video, AND Signaling 0.0.4215 Wire Audio, Video, AND Signaling 0.0.4216 Wire Audio, Video, AND Signaling 0.0.4217 Wire Audio, Video, AND Signaling 0.0.4218 Wire Audio, Video, AND Signaling 7.1.1 Wire Audio, Video, AND Signaling 7.1.78 Wire Audio, Video, AND Signaling 7.1.80 Wire Audio, Video, AND Signaling 7.1.103 Wire Audio, Video, AND Signaling 7.1.104 Wire Audio, Video, AND Signaling 7.1.105 Wire Audio, Video, AND Signaling 7.1.106 Wire Audio, Video, AND Signaling 7.1.107 Wire Audio, Video, AND Signaling 7.1.109 Wire Audio, Video, AND Signaling 7.1.110 Wire Audio, Video, AND Signaling 7.1.135 Wire Audio, Video, AND Signaling 7.1.136 Wire Audio, Video, AND Signaling 7.1.137 Wire Audio, Video, AND Signaling 7.1.139 Wire Audio, Video, AND Signaling 7.1.140 Wire Audio, Video, AND Signaling 7.2.80 Wire Audio, Video, AND Signaling 7.2.84 Wire Audio, Video, AND Signaling 7.2.85 Wire Audio, Video, AND Signaling 7.2.86 Wire Audio, Video, AND Signaling 7.2.87 Wire Audio, Video, AND Signaling 7.2.89 Wire Audio, Video, AND Signaling 7.2.90 Wire Audio, Video, AND Signaling 7.2.91 Wire Audio, Video, AND Signaling 7.2.92 Wire Audio, Video, AND Signaling 7.2.93 Wire Audio, Video, AND Signaling 7.2.94 Wire Audio, Video, AND Signaling 7.2.95 Wire Audio, Video, AND Signaling 7.2.96 Wire Audio, Video, AND Signaling 7.2.97 Wire Audio, Video, AND Signaling 7.2.98 Wire Audio, Video, AND Signaling 7.2.99 Wire Audio, Video, AND Signaling 7.2.100 Wire Audio, Video, AND Signaling 7.2.101 Wire Audio, Video, AND Signaling 7.2.102 Wire Audio, Video, AND Signaling 7.2.103 Wire Audio, Video, AND Signaling 7.2.104 Wire Audio, Video, AND Signaling 7.2.105 Wire Audio, Video, AND Signaling 7.2.106 Wire Audio, Video, AND Signaling 7.2.107 Wire Audio, Video, AND Signaling 7.2.108 Wire Audio, Video, AND Signaling 7.2.109 Wire Audio, Video, AND Signaling 7.2.110 Wire Audio, Video, AND Signaling 7.2.111 Wire Audio, Video, AND Signaling 8.0.1 Wire Audio, Video, AND Signaling 8.0.2 Wire Audio, Video, AND Signaling 8.0.3 Wire Audio, Video, AND Signaling 8.0.4 Wire Audio, Video, AND Signaling 8.0.5 Wire Audio, Video, AND Signaling 8.0.6 Wire Audio, Video, AND Signaling 8.0.7 Wire Audio, Video, AND Signaling 8.0.8 Wire Audio, Video, AND Signaling 8.0.9 Wire Audio, Video, AND Signaling 8.0.10 Wire Audio, Video, AND Signaling 8.0.11 Wire Audio, Video, AND Signaling 8.0.12 Wire Audio, Video, AND Signaling 8.0.13 Wire Audio, Video, AND Signaling 8.0.14 Wire Audio, Video, AND Signaling 8.0.15 Wire Audio, Video, AND Signaling 8.0.16 Wire Audio, Video, AND Signaling 8.0.17 Wire Audio, Video, AND Signaling 8.1.1 Wire Audio, Video, AND Signaling 8.1.2 Wire Audio, Video, AND Signaling 8.1.3 Wire Audio, Video, AND Signaling 8.1.4 Wire Audio, Video, AND Signaling 8.1.6 Wire Audio, Video, AND Signaling 8.1.7 Wire Audio, Video, AND Signaling 8.1.8 Wire Audio, Video, AND Signaling 8.1.10 Wire Audio, Video, AND Signaling 8.1.11 Wire Audio, Video, AND Signaling 8.1.12 Wire Audio, Video, AND Signaling 8.1.13 Wire Audio, Video, AND Signaling 8.1.14 Wire Audio, Video, AND Signaling 8.1.16 Wire Audio, Video, AND Signaling 8.1.17 Wire Audio, Video, AND Signaling 8.1.18 Wire Audio, Video, AND Signaling 8.1.23 Wire Audio, Video, AND Signaling 8.1.42 Wire Audio, Video, AND Signaling 8.2.1 Wire Audio, Video, AND Signaling 8.2.2 Wire Audio, Video, AND Signaling 8.2.4 Wire Audio, Video, AND Signaling 8.2.5 Wire Audio, Video, AND Signaling 8.2.6 Wire Audio, Video, AND Signaling 8.2.8 Wire Audio, Video, AND Signaling 8.2.9 Wire Audio, Video, AND Signaling 8.2.10 Wire Audio, Video, AND Signaling 8.2.11 Wire Audio, Video, AND Signaling 8.2.12 Wire Audio, Video, AND Signaling 8.2.13 Wire Audio, Video, AND Signaling 8.2.14 Wire Audio, Video, AND Signaling 8.2.15 Wire Audio, Video, AND Signaling 8.2.16 Wire Audio, Video, AND Signaling 8.2.17 Wire Audio, Video, AND Signaling 8.2.23 Wire Audio, Video, AND Signaling 8.2.24 Wire Audio, Video, AND Signaling 8.2.25 Wire Audio, Video, AND Signaling 8.2.26 Wire Audio, Video, AND Signaling 8.2.27 Wire Audio, Video, AND Signaling 8.2.28 Wire Audio, Video, AND Signaling 8.2.29 Wire Audio, Video, AND Signaling 8.2.30 Wire Audio, Video, AND Signaling 8.2.31 Wire Audio, Video, AND Signaling 8.2.32 Wire Audio, Video, AND Signaling 8.2.33 Wire Audio, Video, AND Signaling 9.0.1 Wire Audio, Video, AND Signaling 9.0.2 Wire Audio, Video, AND Signaling 9.0.3 Wire Audio, Video, AND Signaling 9.0.4 Wire Audio, Video, AND Signaling 9.0.5 Wire Audio, Video, AND Signaling 9.0.7 Wire Audio, Video, AND Signaling 9.0.8 Wire Audio, Video, AND Signaling 9.0.9 Wire Audio, Video, AND Signaling 9.0.10 Wire Audio, Video, AND Signaling 9.0.11 Wire Audio, Video, AND Signaling 9.0.12 Wire Audio, Video, AND Signaling 9.0.13 Wire Audio, Video, AND Signaling 9.0.14 Wire Audio, Video, AND Signaling 9.0.15 Wire Audio, Video, AND Signaling 9.0.16 Wire Audio, Video, AND Signaling 9.0.17 Wire Audio, Video, AND Signaling 9.0.18 Wire Audio, Video, AND Signaling 9.0.19 Wire Audio, Video, AND Signaling 9.0.20 Wire Audio, Video, AND Signaling 9.0.21 Wire Audio, Video, AND Signaling 9.0.22 Wire Audio, Video, AND Signaling 9.0.23 Wire Audio, Video, AND Signaling 9.0.24 Wire Audio, Video, AND Signaling 9.0.25 Wire Audio, Video, AND Signaling 9.0.26 Wire Audio, Video, AND Signaling 9.0.27 Wire Audio, Video, AND Signaling 9.0.28 Wire Audio, Video, AND Signaling 9.1.3 Wire Audio, Video, AND Signaling 9.1.4 Wire Audio, Video, AND Signaling 9.1.5 Wire Audio, Video, AND Signaling 9.1.6 Wire Audio, Video, AND Signaling 9.1.7 Wire Audio, Video, AND Signaling 9.1.8 Wire Audio, Video, AND Signaling 9.1.9 Wire Audio, Video, AND Signaling 9.1.10 Wire Audio, Video, AND Signaling 9.1.11 Wire Audio, Video, AND Signaling 9.1.12 Wire Audio, Video, AND Signaling 9.1.13 Wire Audio, Video, AND Signaling 9.1.14 Wire Audio, Video, AND Signaling 9.1.16 Wire Audio, Video, AND Signaling 9.1.17 Wire Audio, Video, AND Signaling 9.1.18 Wire Audio, Video, AND Signaling 9.1.19 Wire Audio, Video, AND Signaling 9.1.20 Wire Audio, Video, AND Signaling 9.2.1 Wire Audio, Video, AND Signaling 9.2.2 Wire Audio, Video, AND Signaling 9.2.3 Wire Audio, Video, AND Signaling 9.2.4 Wire Audio, Video, AND Signaling 9.2.5 Wire Audio, Video, AND Signaling 9.2.6 Wire Audio, Video, AND Signaling 9.2.7 Wire Audio, Video, AND Signaling 9.2.8 Wire Audio, Video, AND Signaling 9.2.9 Wire Audio, Video, AND Signaling 9.2.10 Wire Audio, Video, AND Signaling 9.2.11 Wire Audio, Video, AND Signaling 9.2.12 Wire Audio, Video, AND Signaling 9.2.13 Wire Audio, Video, AND Signaling 9.2.14 Wire Audio, Video, AND Signaling 9.2.15 Wire Audio, Video, AND Signaling 9.2.17 Wire Audio, Video, AND Signaling 9.2.19 Wire Audio, Video, AND Signaling 9.2.20 Wire Audio, Video, AND Signaling 9.2.21 Wire Audio, Video, AND Signaling 9.3.1 Wire Audio, Video, AND Signaling 9.3.4	297

Common Weakness Enumeration (CWE)

CWE-134 - Use of Externally-Controlled Format String

Common Attack Pattern Enumeration and Classification (CAPEC)

Format String Injection
An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An attacker can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
String Format Overflow in syslog()
This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References