{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T15:19:55.669","vulnerabilities":[{"cve":{"id":"CVE-2023-40018","sourceIdentifier":"security-advisories@github.com","published":"2023-09-15T20:15:09.447","lastModified":"2024-11-21T08:18:31.417","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its  arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue."},{"lang":"es","value":"FreeSWITCH es una pila de telecomunicaciones definida por software que permite la transformación digital de switches de telecomunicaciones propietarios a una implementación de software que se ejecuta en cualquier hardware básico. Antes de la versión 1.10.10, FreeSWITCH permitía a los usuarios remotos activar escritura fuera de límites ofreciendo un candidato ICE con un ID de componente desconocido. Cuando se ofrece un SDP con candidatos ICE con un ID de componente desconocido, FreeSWITCH realizará una escritura fuera de límites en sus matrices. Al abusar de esta vulnerabilidad, un atacante puede corromper la memoria de FreeSWITCH, lo que provoca un comportamiento indefinido del sistema o un bloqueo del mismo. La versión 1.10.10 contiene un parche para este problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.10","matchCriteriaId":"5FBCE979-CA36-45E2-B9DE-11B260D2AB19"}]}]}],"references":[{"url":"https://github.com/signalwire/freeswitch/releases/tag/v1.10.10","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/signalwire/freeswitch/security/advisories/GHSA-7mwp-86fv-hcg3","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/signalwire/freeswitch/releases/tag/v1.10.10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/signalwire/freeswitch/security/advisories/GHSA-7mwp-86fv-hcg3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}