ID

VAR-201309-0138


CVE

CVE-2013-2238


TITLE

Buffer overflow vulnerability in the switch_perform_substitution function in switch_regex.c in FreeSWITCH

Trust: 0.8

sources: JVNDB: JVNDB-2013-004418

DESCRIPTION

Multiple buffer overflows in the switch_perform_substitution function in switch_regex.c in FreeSWITCH 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the index and substituted variables. FreeSWITCH is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input. Successful exploits may allow attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. FreeSWITCH is a set of free and open source communication software developed by American software developer Anthony Minessale. The software can be used to create audio, video and short message products and applications. A buffer overflow vulnerability exists in the 'switch_perform_substitution' function in the switch_regex.c file in FreeSWITCH version 1.2.

Trust: 1.98

sources: NVD: CVE-2013-2238 // JVNDB: JVNDB-2013-004418 // BID: 60890 // VULHUB: VHN-62240

AFFECTED PRODUCTS

vendor: freeswitch, model: freeswitch, scope: eq, version: 1.2

Trust: 2.4

sources: JVNDB: JVNDB-2013-004418 // CNNVD: CNNVD-201307-077 // NVD: CVE-2013-2238

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2238
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-2238
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201307-077
value: MEDIUM

Trust: 0.6

VULHUB: VHN-62240
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-2238
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-62240
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-62240 // JVNDB: JVNDB-2013-004418 // CNNVD: CNNVD-201307-077 // NVD: CVE-2013-2238

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-62240 // JVNDB: JVNDB-2013-004418 // NVD: CVE-2013-2238

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-077

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201307-077

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004418

PATCH

title: FS-5566, url: http://jira.freeswitch.org/browse/FS-5566

Trust: 0.8

sources: JVNDB: JVNDB-2013-004418

EXTERNAL IDS

db: NVD, id: CVE-2013-2238

Trust: 2.8

db: OPENWALL, id: OSS-SECURITY/2013/07/04/4

Trust: 2.5

db: BID, id: 60890

Trust: 1.0

db: JVNDB, id: JVNDB-2013-004418

Trust: 0.8

db: CNNVD, id: CNNVD-201307-077

Trust: 0.7

db: MLIST, id: [OSS-SECURITY] 20130703 RE: CVE REQUEST: FREESWITCH REGEX SUBSTITUTION 3 BUFFER OVERFLOWS

Trust: 0.6

db: VULHUB, id: VHN-62240

Trust: 0.1

sources: VULHUB: VHN-62240 // BID: 60890 // JVNDB: JVNDB-2013-004418 // CNNVD: CNNVD-201307-077 // NVD: CVE-2013-2238

REFERENCES

url: http://www.openwall.com/lists/oss-security/2013/07/04/4

Trust: 2.5

url: http://jira.freeswitch.org/browse/fs-5566

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2238

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2238

Trust: 0.8

url: http://www.securityfocus.com/bid/60890

Trust: 0.6

sources: VULHUB: VHN-62240 // JVNDB: JVNDB-2013-004418 // CNNVD: CNNVD-201307-077 // NVD: CVE-2013-2238

CREDITS

Michael Tokarev

Trust: 0.9

sources: BID: 60890 // CNNVD: CNNVD-201307-077

SOURCES

db: VULHUB, id: VHN-62240
db: BID, id: 60890
db: JVNDB, id: JVNDB-2013-004418
db: CNNVD, id: CNNVD-201307-077
db: NVD, id: CVE-2013-2238

LAST UPDATE DATE

2025-04-11T23:10:39.841000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-62240, date: 2013-10-11T00:00:00
db: BID, id: 60890, date: 2013-07-04T07:11:00
db: JVNDB, id: JVNDB-2013-004418, date: 2013-10-03T00:00:00
db: CNNVD, id: CNNVD-201307-077, date: 2013-10-12T00:00:00
db: NVD, id: CVE-2013-2238, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-62240, date: 2013-09-30T00:00:00
db: BID, id: 60890, date: 2013-07-02T00:00:00
db: JVNDB, id: JVNDB-2013-004418, date: 2013-10-03T00:00:00
db: CNNVD, id: CNNVD-201307-077, date: 2013-07-05T00:00:00
db: NVD, id: CVE-2013-2238, date: 2013-09-30T22:55:04.697