{"id":"CVE-2023-48221","summary":"wire-avs remote format string vulnerability ","details":"wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Prior to versions 9.2.22 and 9.3.5, a remote format string vulnerability could potentially allow an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 9.2.22 & 9.3.5 and is already included on all Wire products. No known workarounds are available.","aliases":["GHSA-m4xg-fcr3-w3pq"],"modified":"2026-04-16T11:31:54.325641Z","published":"2023-11-20T17:18:19.030Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/48xxx/CVE-2023-48221.json","cwe_ids":["CWE-134"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/48xxx/CVE-2023-48221.json"},{"type":"ADVISORY","url":"https://github.com/wireapp/wire-avs/security/advisories/GHSA-m4xg-fcr3-w3pq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48221"},{"type":"FIX","url":"https://github.com/wireapp/wire-avs/commit/364c3326a1331a84607bce2e17126306d39150cd"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wireapp/wire-avs","events":[{"introduced":"0"},{"fixed":"0aeb00292e2c21161dfe0abb43464d4c73152681"},{"fixed":"364c3326a1331a84607bce2e17126306d39150cd"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:wire:audio\\,_video\\,_and_signaling:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"9.2.22"}]}}],"versions":["0.0.4045","0.0.4046","0.0.4047","0.0.4048","0.0.4049","0.0.4050","0.0.4051","0.0.4052","0.0.4053","0.0.4054","0.0.4055","0.0.4056","0.0.4057","0.0.4058","0.0.4059","0.0.4060","0.0.4063","0.0.4064","0.0.4065","0.0.4066","0.0.4067","0.0.4068","0.0.4069","0.0.4070","0.0.4071","0.0.4072","0.0.4073","0.0.4074","0.0.4075","0.0.4076","0.0.4077","0.0.4078","0.0.4079","0.0.4080","0.0.4081","0.0.4082","0.0.4083","0.0.4084","0.0.4086","0.0.4087","0.0.4092","0.0.4093","0.0.4096","0.0.4097","0.0.4098","0.0.4107","0.0.4108","0.0.4109","0.0.4110","0.0.4111","0.0.4112","0.0.4113","0.0.4114","0.0.4116","0.0.4117","0.0.4118","0.0.4120","0.0.4121","0.0.4122","0.0.4124","0.0.4125","0.0.4127","0.0.4128","0.0.4140","0.0.4142","0.0.4143","0.0.4144","0.0.4147","0.0.4148","0.0.4149","0.0.4150","0.0.4151","0.0.4156","0.0.4157","0.0.4158","0.0.4159","0.0.4160","0.0.4161","0.0.4162","0.0.4163","0.0.4164","0.0.4166","0.0.4167","0.0.4168","0.0.4175","0.0.4176","0.0.4178","0.0.4179","0.0.4180","0.0.4181","0.0.4182","0.0.4183","0.0.4184","0.0.4185","0.0.4186","0.0.4187","0.0.4188","0.0.4189","0.0.4190","0.0.4191","0.0.4192","0.0.4193","0.0.4194","0.0.4195","0.0.4197","0.0.4199","7.1.1","7.1.103","7.1.104","7.1.105","7.1.106","7.1.78","7.2.80","7.2.84","8.0.1","8.0.10","8.0.11","8.0.12","8.0.2","8.0.3","8.0.4","8.0.5","8.0.6","8.0.7","8.0.8","8.0.9","8.1.1","8.1.2","8.1.3","8.1.4","8.2.1","9.0.1","9.1.3","9.1.4","9.1.5","9.1.6","9.1.7","9.2.1","9.2.10","9.2.11","9.2.12","9.2.13","9.2.14","9.2.15","9.2.17","9.2.19","9.2.2","9.2.20","9.2.21","9.2.3","9.2.4","9.2.5","9.2.6","9.2.7","9.2.8","9.2.9","9.3.1","9.3.4","9.3.6"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/wireapp/wire-avs/commit/0aeb00292e2c21161dfe0abb43464d4c73152681","id":"CVE-2023-48221-26b2d296","digest":{"line_hashes":["122746583417084871728688984422911930131","215000251740698008057616661646412624494","282003704325653094155278138383421371658","288898036967538360780169907322905309768"],"threshold":0.9},"deprecated":false,"signature_type":"Line","signature_version":"v1","target":{"file":"src/sdp/bundle.c"}},{"source":"https://github.com/wireapp/wire-avs/commit/0aeb00292e2c21161dfe0abb43464d4c73152681","id":"CVE-2023-48221-8e98474f","digest":{"function_hash":"238999916680917770632223221160041664663","length":1125},"deprecated":false,"signature_type":"Function","signature_version":"v1","target":{"file":"src/sdp/bundle.c","function":"bundle_update"}}],"vanir_signatures_modified":"2026-04-16T11:31:54Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48221.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H"}]}