CVE-2020-27853
📋 TL;DR
This is a format string vulnerability in Wire's Audio, Video, and Signaling (AVS) component that allows a remote attacker to crash the application or potentially execute arbitrary code. It affects Wire AVS versions 5.3 through 6.x before 6.4, Wire Secure Messenger for Android before 3.49.918, and Wire Secure Messenger for iOS before 3.61. The flaw is in the value parameter to sdp_media_set_lattr in peerflow/sdp.c: an SDP attribute value received from the remote party during call setup is handed to the function as a printf-style format string instead of as literal data, so a value containing conversion sequences such as %s, %x or %n drives the formatting engine with attacker-chosen directives.
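The pattern behind the bug and the conventional remedy, as an added example that is not code from the Wire or AVS projects. The attribute setter attr_set_fmt is a hypothetical stand-in that only mirrors the shape of libre's sdp_media_set_lattr (a format string followed by variadic arguments); the "%s" fix shown is the standard correction for this class of bug, not a claim about the exact upstream patch; the sample SDP line is constructed. A "%%" value is used on purpose because it demonstrates interpretation of the value without invoking undefined behaviour, whereas a real attacker would use %x, %s or %n to read or write memory.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define ATTR_MAX 256

/*
 * Hypothetical stand-in for a printf-style SDP attribute setter. It mirrors
 * the shape of libre's sdp_media_set_lattr(), whose value argument is a
 * format string followed by variadic arguments; it is not the real function
 * and renders the attribute line into a caller-supplied buffer instead.
 * Returns 0 on success, -1 on truncation or formatting error.
 */
static int attr_set_fmt(char *out, size_t outsz, const char *name,
                        const char *fmt, ...)
{
    int n = snprintf(out, outsz, "a=%s:", name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;

    va_list ap;
    va_start(ap, fmt);
    int m = vsnprintf(out + n, outsz - (size_t)n, fmt, ap);
    va_end(ap);
    if (m < 0 || (size_t)m >= outsz - (size_t)n)
        return -1;
    return 0;
}

/* Vulnerable pattern: the peer-supplied value becomes the format string. */
int set_attr_vulnerable(char *out, size_t outsz, const char *name,
                        const char *value)
{
    return attr_set_fmt(out, outsz, name, value);
}

/* Hardened pattern: constant format, the value is only ever an argument. */
int set_attr_fixed(char *out, size_t outsz, const char *name,
                   const char *value)
{
    return attr_set_fmt(out, outsz, name, "%s", value);
}

/* Split one SDP attribute line "a=<name>:<value>" as received from the peer.
 * Returns 0 on success, -1 for non-attribute lines, flag attributes without
 * a value, or fields that do not fit the caller's buffers. */
int parse_sdp_attr(const char *line, char *name, size_t namesz,
                   char *value, size_t valuesz)
{
    if (strncmp(line, "a=", 2) != 0)
        return -1;
    const char *p = line + 2;
    const char *colon = strchr(p, ':');
    if (colon == NULL)
        return -1;
    size_t nlen = (size_t)(colon - p);
    if (nlen == 0 || nlen >= namesz)
        return -1;
    memcpy(name, p, nlen);
    name[nlen] = '\0';
    size_t vlen = strlen(colon + 1);
    if (vlen >= valuesz)
        return -1;
    memcpy(value, colon + 1, vlen + 1);
    return 0;
}

/* Triage helper: does an untrusted value contain a '%' that a printf
 * engine would interpret? Usable as a fuzzing oracle or a log filter. */
bool value_has_format_directive(const char *value)
{
    return strchr(value, '%') != NULL;
}

int main(void)
{
    /* Constructed sample offer line; "%%" is a legal printf escape, so the
     * vulnerable path collapses it to a single '%' while the fixed path
     * stores the value verbatim. */
    const char *line = "a=label:100%%";
    char name[64], value[ATTR_MAX], out[ATTR_MAX];

    if (parse_sdp_attr(line, name, sizeof name, value, sizeof value) != 0)
        return 1;
    if (set_attr_vulnerable(out, sizeof out, name, value) == 0)
        printf("vulnerable: %s\n", out);   /* a=label:100%  */
    if (set_attr_fixed(out, sizeof out, name, value) == 0)
        printf("fixed:      %s\n", out);   /* a=label:100%% */
    return 0;
}
```

Giving a setter like attr_set_fmt the `__attribute__((format(printf, 4, 5)))` annotation lets `-Wformat-security` flag the vulnerable call site at compile time, which is the cheapest way to catch this pattern across a code base that exposes printf-style APIs.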
💻 Affected Systems
- Wire AVS (Audio, Video, and Signaling)
- Wire Secure Messenger for Android
- Wire Secure Messenger for iOS
📦 What is this software?
Wire by Wire
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution in the process that embeds AVS, which on the affected platforms is the Wire messenger app on the user's device, potentially leading to full compromise of that device and of the user's conversations, and of any service that links the vulnerable AVS library.
Likely Case
Denial of service: the client crashes when it processes the crafted SDP, dropping the call and, because AVS runs inside the messenger, taking the whole app down with it.
If Mitigated
Limited impact only where the attacker cannot reach the victim's client with call signaling. The crafted SDP arrives through Wire's own signaling from the remote call participant rather than over a separately exposed service, so ordinary perimeter segmentation does little; what reduces exposure is limiting who can set up calls with users on unpatched clients, and updating.
🎯 Exploit Status
No public exploit is referenced in the sources below. Format string vulnerabilities crash reliably (a %s read through an arbitrary pointer is enough), but turning them into code execution requires %n-style writes to a chosen address and therefore knowledge of the target's memory layout, which makes reliable RCE against a hardened mobile client considerably harder than a denial of service.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Wire AVS 6.4+, Android app 3.49.918+, iOS app 3.61+
Vendor Advisory: http://github.security.telekom.com/2020/11/wire-secure-messenger-format-string-vulnerability.html
Restart Required: Yes
Instructions:
1. Update Wire AVS to version 6.4 or later.
2. Update Android Wire Secure Messenger to version 3.49.918 or later.
3. Update iOS Wire Secure Messenger to version 3.61 or later.
4. Restart affected services and applications.
🔧 Temporary Workarounds
Network segmentation
Restrict network access to any service that links Wire AVS to trusted networks only. Note that for the messenger clients the malicious SDP is delivered through Wire's own signaling from the call peer, so this helps only for self-hosted components, not for end-user devices.
Disable vulnerable features
Temporarily disable audio/video calling if it is not essential; the vulnerable code path is only reached while a call is being set up.
🧯 If You Can't Patch
- Implement strict access controls to limit who can reach unpatched clients and AVS-linked services; for end-user devices this means controlling who can initiate calls with the user rather than network filtering
- Monitor for abnormal application crashes or memory corruption events in Wire services
🔍 How to Verify
Check if Vulnerable:
Check the Wire AVS version: any version from 5.3 up to, but not including, 6.4 is vulnerable. Check the Android app version: anything below 3.49.918 is vulnerable. Check the iOS app version: anything below 3.61 is vulnerable.
Check Version:
Wire AVS: check the package version or the build info of the linking application. Android: Settings > Apps > Wire > App info shows the app version. iOS: read the app version from the Wire app's own settings screen or from its App Store listing; Settings > General > About shows the iOS version, not the Wire version.
Verify Fix Applied:
Confirm Wire AVS version is 6.4 or higher, Android app is 3.49.918 or higher, iOS app is 3.61 or higher.
📡 Detection & Monitoring
Log Indicators:
- Application crashes in Wire services
- Memory access violation errors
- Crash reports whose backtrace includes sdp_media_set_lattr or peerflow/sdp.c (peerflow/sdp.c is a source file inside the app, not a separate process)
Network Indicators:
- Unusual call-setup signaling volume towards particular users (a burst of call attempts that each end in a client crash)
- Malformed SDP attribute values containing printf conversion sequences (%s, %x, %n), where SDP is visible at all; Wire's calling messages between clients are end-to-end encrypted, so the SDP content itself cannot be inspected by network monitoring
SIEM Query:
source="wire-avs" AND (event="crash" OR event="segfault" OR message="*format string*" OR message="*sdp_media_set_lattr*")
Field names here are illustrative; map them to whatever your crash-reporting pipeline emits, and match on the function name or file path (sdp_media_set_lattr, peerflow/sdp.c) from the backtrace.
🔗 References
- http://github.security.telekom.com/2020/11/wire-secure-messenger-format-string-vulnerability.html
- https://github.com/wireapp/wire-audio-video-signaling/issues/23#issuecomment-710075689