VAR-201510-0226
Vulnerability from variot - Updated: 2023-12-18 13:39
Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse.
FreeSWITCH is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. A remote attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed attempts will likely cause a denial-of-service condition. Versions prior to FreeSWITCH 1.6.2 and 1.4.23 are vulnerable.
FreeSWITCH is a set of free and open source communication software developed by American software developer Anthony Minessale. The software can be used to create audio, video and short message products and applications. There is a heap-based buffer overflow vulnerability in the 'parse_string' function in the libs/esl/src/esl_json.c file of FreeSWITCH 1.4.21 and earlier versions and 1.6.0. The vulnerability stems from the fact that cJSON_Parse does not sufficiently filter the characters at the end of a 'json' string.
1. Advisory Information
Title: Heap overflow in freeswitch json parser < 1.6.2 & < 1.4.23
Submitter: Marcello Duarte (marcello@cybersightgroup.com)
Product: freeswitch
Product URL: http://freeswitch.org
Affected Versions: freeswitch < 1.6.2 & < 1.4.23
Fixed Versions: 1.6.2, 1.4.23
Link to source code diff: https://freeswitch.org/stash/projects/FS/repos/freeswitch/commits/cf892528a1a107ed6eb67fb98ed22533e27778fd
CVE Status: CVE-2015-7392
2. Vulnerability Information
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
3. Vulnerability Description
Product Information: FreeSWITCH is a scalable open source cross-platform telephony platform designed to route and interconnect popular communication protocols using audio, video, text or any other form of media. It was created in 2006 to fill the void left by proprietary commercial solutions. FreeSWITCH also provides a stable telephony platform on which many applications can be developed using a wide range of free tools.
Vulnerability:
A carefully crafted json string supplied to cJSON_Parse will trigger a heap overflow with user controlled data.
The underlying vulnerability occurs in the parse_string function.
This confuses the code responsible for copying the string. Since it doesn't detect the NULL in this situation, it will keep copying until it hits a null in memory. This leads to a heap overflow with user controlled data.
Any modules or core code which allows user supplied json to enter the json parser will be vulnerable.
Vulnerable Source Code:

    static const char *parse_string(cJSON *item, const char *str) {

    ...

    /* HACKLOG The length of string is determined here, it will stop
    counting when it hits a null */

      while (*ptr != '\"' && *ptr && ++len)
        if (*ptr++ == '\\')
          ptr++; /* Skip escaped quotes. */

    /* HACKLOG The buffer is alloced with the length obtained from the
    previous section */

      out = (char *)cJSON_malloc(
          len + 1); /* This is how long we need for the string, roughly. */
      if (!out)
        return 0;

    /* HACKLOG the following code will copy the string into the alloced
    buffer taking into account utf16 to utf8 conversion */

      ptr = str + 1;
      ptr2 = out;
    /* 1 */
      while (*ptr != '\"' && *ptr) {
        if (*ptr != '\\')
          *ptr2++ = *ptr++;
        else {
          ptr++;
          switch (*ptr) {
          case 'b':
            *ptr2++ = '\b';
            break;
          case 'f':
            *ptr2++ = '\f';
            break;
          case 'n':
            *ptr2++ = '\n';
            break;
          case 'r':
            *ptr2++ = '\r';
            break;
          case 't':
            *ptr2++ = '\t';
            break;
          case 'u': /* transcode utf16 to utf8. */
            if (sscanf(ptr + 1, "%4x", &uc) < 1)
              break;

            ptr += 4; /* get the unicode char. */

            if ((uc >= 0xDC00 && uc <= 0xDFFF) || uc == 0)
              break; // check for invalid.

            if (uc >= 0xD800 && uc <= 0xDBFF) // UTF16 surrogate pairs.
            {
              if (ptr[1] != '\\' || ptr[2] != 'u')
                break; // missing second-half of surrogate.
              if (sscanf(ptr + 3, "%4x", &uc2) < 1)
                break;
              ptr += 6;
              if (uc2 < 0xDC00 || uc2 > 0xDFFF)
                break; // invalid second-half of surrogate.
              uc = 0x10000 | ((uc & 0x3FF) << 10) | (uc2 & 0x3FF);
            }

            len = 4;
            if (uc < 0x80)
              len = 1;
            else if (uc < 0x800)
              len = 2;
            else if (uc < 0x10000)
              len = 3;
            ptr2 += len;

            switch (len) {
            case 4:
              *--ptr2 = ((uc | 0x80) & 0xBF);
              uc >>= 6;
            case 3:
              *--ptr2 = ((uc | 0x80) & 0xBF);
              uc >>= 6;
            case 2:
              *--ptr2 = ((uc | 0x80) & 0xBF);
              uc >>= 6;
            case 1:
              *--ptr2 = (char)(uc | firstByteMark[len]);
            }
            ptr2 += len;
            break;
          default:
            *ptr2++ = *ptr;
            break;
          }

          /* HACKLOG INCREMENTS past null here, causing the while loop to
          not detect the end of the buffer so it keeps copying past the end of
          the alloced buffer */
          ptr++;
        }

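
A hardened counterpart to the copy loop above, added here as an example; it is not FreeSWITCH's code and not the upstream patch, and `json_unescape`, `hex4` and `utf8_put` are hypothetical names. Every escape is validated before the read pointer advances, so a `\u` without four hex digits or a backslash as the last byte is rejected instead of stepping over the terminating NUL, and the writer is bounded as well.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read exactly four hex digits. Any other byte, NUL included, is an error. */
static int hex4(const char *p, unsigned *out) {
    unsigned v = 0;
    for (int i = 0; i < 4; i++) {
        unsigned char c = (unsigned char)p[i];
        if (c >= '0' && c <= '9') v = v * 16 + (c - '0');
        else if (c >= 'a' && c <= 'f') v = v * 16 + (c - 'a' + 10);
        else if (c >= 'A' && c <= 'F') v = v * 16 + (c - 'A' + 10);
        else return -1;
    }
    *out = v;
    return 0;
}

/* Encode one code point as UTF-8 into dst (4 bytes of room); returns length. */
static size_t utf8_put(unsigned cp, char *dst) {
    static const unsigned char lead[5] = {0, 0, 0xC0, 0xE0, 0xF0};
    size_t n = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
    for (size_t i = n - 1; i > 0; i--) { dst[i] = (char)(0x80 | (cp & 0x3F)); cp >>= 6; }
    dst[0] = (char)(lead[n] | cp);
    return n;
}

/* Hypothetical helper: decode the JSON string whose opening quote is at str.
 * Returns a malloc'd UTF-8 copy, or NULL if the string is malformed. */
char *json_unescape(const char *str) {
    static const char esc[] = "\"\\/bfnrt", val[] = "\"\\/\b\f\n\r\t";
    if (!str || *str != '"') return NULL;
    size_t cap = strlen(str);      /* decoded text is never longer than the input */
    char *out = malloc(cap + 1);
    if (!out) return NULL;
    char *w = out, *end = out + cap;
    const char *p = str + 1;
    while (*p != '"') {
        char tmp[4]; size_t k = 1;
        unsigned cp = 0, lo = 0;
        if (*p == '\0') goto bad;                  /* unterminated string */
        if (*p != '\\') {
            tmp[0] = *p++;
        } else if (*++p == 'u') {
            if (hex4(p + 1, &cp) != 0) goto bad;   /* trailing or short unicode escape */
            p += 4;                                /* only after all four digits were seen */
            if (cp >= 0xD800 && cp <= 0xDBFF) {    /* high surrogate: need the low half */
                if (p[1] != '\\' || p[2] != 'u' || hex4(p + 3, &lo) != 0 ||
                    lo < 0xDC00 || lo > 0xDFFF) goto bad;
                p += 6;
                cp = 0x10000 + (((cp & 0x3FF) << 10) | (lo & 0x3FF));
            } else if (cp == 0 || (cp >= 0xDC00 && cp <= 0xDFFF)) goto bad;
            k = utf8_put(cp, tmp);
            p++;
        } else {
            const char *hit = *p ? strchr(esc, *p) : NULL;
            if (!hit) goto bad;     /* unknown escape, or backslash as the last byte */
            tmp[0] = val[hit - esc];
            p++;
        }
        if ((size_t)(end - w) < k) goto bad;       /* bound the writer as well */
        memcpy(w, tmp, k);
        w += k;
    }
    *w = '\0';
    return out;
bad:
    free(out);
    return NULL;
}

int main(void) {
    /* Constructed inputs: a valid string and one ending in a bare backslash-u. */
    char *ok = json_unescape("\"caf\\u00e9\""), *bad = json_unescape("\"abc\\u");
    printf("valid: %s\ntruncated: %s\n", ok ? ok : "rejected", bad ? bad : "rejected");
    free(ok); free(bad);
    return 0;
}
```
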
4. Vendor Information, Solutions
Freeswitch has released versions 1.6.2, 1.4.23 which fix the issue.
5. Credits
This vulnerability was discovered and researched by Marcello Duarte (marcello@cybersightgroup.com) from CYBERSIGHT GROUP Vulnerability Research Labs.
6. Report Timeline
2015-09-02 - Vulnerability found
2015-09-13 - Freeswitch developers contacted
2015-09-14 - Freeswitch developers verified bug and patched in master
2015-09-25 - Freeswitch releases fixed packages.
2015-09-20 - CVE requested
2015-09-29 - CVE issued, Advisory released
7. About CYBERSIGHT GROUP
CYBERSIGHT GROUP is an organization of security professionals specializing in several areas of offensive computer security research. We specialize in vulnerability research, exploit development, reverse engineering and cyber attack planning. http://cybersightgroup.com, contact@cybersightgroup.com
8. Disclaimer
The information provided in the advisory is provided as is without any warranty. CYBERSIGHT GROUP and its members are not liable in any case of damage, direct or indirect. Permission to redistribute the advisory in its unmodified form is granted.
--
Marcello Duarte
Chief Research Officer
CYBERSIGHT GROUP
Record details
- VARIoT ID: VAR-201510-0226 (https://www.variotdbs.pl/vuln/VAR-201510-0226)
- CVE: CVE-2015-7392
- Title (JVNDB): FreeSWITCH of libs/esl/src/esl_json.c of parse_string Heap-based buffer overflow vulnerability in functions
- Type (CNNVD): buffer overflow
- Threat type (CNNVD): remote
- Problem type: CWE-119
- Credits: Marcello Duarte
- IoT: true
- Last update: 2023-12-18T13:39:13.564000Z
Affected products (vendor freeswitch, model freeswitch; scope and version as recorded)
- eq 1.6.0
- lte 1.4.21
- eq 1.6.2
- lt 1.6.x
- eq 1.4.21
- eq 1.6
- eq 1.4
- ne 1.6.2
- ne 1.4.23
Configurations (NVD)
- cpe:2.3:a:freeswitch:freeswitch:1.6.0:*:*:*:*:*:*:* (vulnerable)
- cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:* up to and including 1.4.21 (vulnerable)
CVSS
- CVSS v2 (NVD, CVE-2015-7392): base score 7.5, severity HIGH, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, exploitability score 10.0, impact score 6.4
- CVSS v2 (VULHUB, VHN-85353): base score 7.5, severity HIGH, vector AV:N/AC:L/AU:N/C:P/I:P/A:P, exploitability score 10.0, impact score 6.4
- CVSS v3: none recorded
- Severity: HIGH (NVD, CNNVD, VULHUB)
External IDs
- NVD: CVE-2015-7392
- PACKETSTORM: 133781
- JVNDB: JVNDB-2015-005082
- CNNVD: CNNVD-201510-018
- BID: 76976
- VULHUB: VHN-85353
Patch
- Top Page: https://freeswitch.org/
- FS-8160: properly handle malformed json when parsing json with \u at the end of a json string: https://freeswitch.org/stash/projects/fs/repos/freeswitch/commits/cf8925
Exploit availability
- https://www.scap.org.cn/vuln/vhn-85353 (type: unknown; source: VULHUB)
References
- https://freeswitch.org/stash/projects/fs/repos/freeswitch/commits/cf8925
- http://packetstormsecurity.com/files/133781/freeswitch-heap-overflow.html
- http://www.securityfocus.com/archive/1/536569/100/0/threaded
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7392
- http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7392
- http://www.securityfocus.com/archive/1/archive/1/536569/100/0/threaded
- https://freeswitch.org/stash/projects/fs/repos/freeswitch/commits/cf892528a1a107ed6eb67fb98ed22533e27778fd
- http://www.freeswitch.org/
- http://seclists.org/bugtraq/2015/sep/137
- http://freeswitch.org
- http://cybersightgroup.com
- https://nvd.nist.gov/vuln/detail/cve-2015-7392
Source release dates
- VULHUB VHN-85353: 2015-10-05T00:00:00
- BID 76976: 2015-09-29T00:00:00
- JVNDB JVNDB-2015-005082: 2015-10-07T00:00:00
- PACKETSTORM 133781: 2015-09-30T03:03:33
- NVD CVE-2015-7392: 2015-10-05T14:59:01.703000
- CNNVD CNNVD-201510-018: 2015-10-09T00:00:00
Source update dates
- VULHUB VHN-85353: 2018-10-09T00:00:00
- BID 76976: 2015-09-29T00:00:00
- JVNDB JVNDB-2015-005082: 2015-10-07T00:00:00
- NVD CVE-2015-7392: 2018-10-09T19:58:08.220000
- CNNVD CNNVD-201510-018: 2015-10-09T00:00:00