CVE-2021-41193: Use of Externally-Controlled Format String

March 1, 2022

wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.

References

github.com/advisories/GHSA-2j6v-xpf3-xvrv
github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrv

Code Behaviors & Features

Detect and mitigate CVE-2021-41193 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →