FreeSWITCH: denial of service via SIP flooding
Published on Oct 25, 2021 in CVE-2021-41145, freeswitch, denial of service, security advisory
- Fixed versions: v1.10.7
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2021-06-freeswitch-flood-dos/
- Vendor Security Advisory: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
- Other references: CVE-2021-41145
- Tested vulnerable versions: <= v1.10.6
- Timeline:
  - Report date: 2021-05-28
  - Triaged: 2021-06-18
  - Fix provided for testing: 2021-10-08
  - Second fix provided for testing: 2021-10-13
  - Vendor release with fix: 2021-10-24
  - Enable Security advisory: 2021-10-25
Description
When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. The following excerpt from syslog shows one such instance:
…