Tags › CVE-2023-51443

FreeSWITCH: denial of service via DTLS Hello packets during call initiation

Published on Dec 22, 2023 in CVE-2023-51443, freeswitch, denial of service, security advisory

Fixed versions: 1.10.11
Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2023-02-freeswitch-dtls-hello-race/
Vendor Security Advisory: https://github.com/signalwire/freeswitch/security/advisories/GHSA-39gv-hq72-j6m6
Other references: CVE-2023-51443
Tested vulnerable versions: 1.10.10
Timeline:
- Report date: 2023-09-27
- Triaged: 2023-09-27
- Fix provided for testing: 2023-09-29
- Vendor release with fix: 2023-12-22
- Enable Security advisory: 2023-12-22

TL;DR

When handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack.

…

Tags › CVE-2023-51443

FreeSWITCH: denial of service via DTLS Hello packets during call initiation

TL;DR

Subscribe