Tags › CVE-2021-41105
FreeSWITCH: denial of service via invalid SRTP packets
Published on Oct 25, 2021 in CVE-2021-41105, freeswitch, denial of service, security advisory
- Fixed versions: v1.10.7
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2021-09-freeswitch-srtp-dos/
- Vendor Security Advisory: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36
- Other references: CVE-2021-41105
- Tested vulnerable versions: <= v1.10.6
- Timeline:
- Report date: 2021-09-06
- Triaged: 2021-09-10
- Fix provided for testing: 2021-09-17
- Vendor release with fix: 2021-10-24
- Enable Security advisory: 2021-10-25
TL;DR
When handling SRTP calls, FreeSWITCH is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack.
Description
When a media port that is handling SRTP traffic is flooded with a specially crafted SRTP packet, the call is terminated leading to denial of service. This issue was reproduced when using the SDES key exchange mechanism in a SIP environment as well as when using the DTLS key exchange mechanism in a WebRTC environment.
…