Login Sign Up

CVE-2021-41193

9.8 CRITICAL
Remote Code Execution Denial of Service

📋 TL;DR

CVE-2021-41193 is a remote format string vulnerability in wire-avs, the audio visual signaling component of Wire messenger. This allows attackers to cause denial of service or potentially execute arbitrary code by sending specially crafted input. All Wire installations using wire-avs versions before 7.1.12 are affected.

💻 Affected Systems

Products:
  • Wire messenger
  • wire-avs component
Versions: All versions prior to 7.1.12
Operating Systems: All platforms running Wire
Default Config Vulnerable: ⚠️ Yes
Notes: Any Wire installation with audio/video functionality enabled is vulnerable. The vulnerability is in the wire-avs component specifically.

📦 What is this software?

Wire Audio Video Signaling by Wire

View all CVEs affecting Wire Audio Video Signaling →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with full system compromise, allowing attackers to take control of affected systems.

🟠

Likely Case

Denial of service causing Wire's audio/video functionality to crash, disrupting communication services.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent external attackers from reaching vulnerable components.

🌐 Internet-Facing: HIGH - Wire servers are typically internet-facing, making them directly accessible to remote attackers.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to Wire servers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Format string vulnerabilities typically require some understanding of memory layout and exploitation techniques, but the remote nature makes this serious.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: wire-avs 7.1.12

Vendor Advisory: https://github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrv

Restart Required: Yes

Instructions:

1. Update wire-avs to version 7.1.12 or later. 2. Update Wire messenger to latest version. 3. Restart Wire services. 4. Verify the update was successful.

🔧 Temporary Workarounds

No official workarounds

all

The vendor states there are no known workarounds for this vulnerability.

🧯 If You Can't Patch

  • Isolate Wire servers behind firewalls with strict access controls
  • Disable audio/video functionality if not required

🔍 How to Verify

Check if Vulnerable:

Check wire-avs version: If version is less than 7.1.12, system is vulnerable.

Check Version:

Check Wire application version or examine wire-avs package version in package manager.

Verify Fix Applied:

Verify wire-avs version is 7.1.12 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • Crash logs from wire-avs process
  • Unusual format string patterns in audio/video session logs

Network Indicators:

  • Unusual traffic patterns to Wire audio/video ports
  • Malformed protocol packets

SIEM Query:

Process:wire-avs AND (EventType:Crash OR ErrorCode:*format*)

📊 Metadata

CVE ID: CVE-2021-41193
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-134
Published: March 1, 2022
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-41193, you might also want to check these:

CVE-2021-42911 9.8

This is a critical format string vulnerability in DrayTek router firmware that allows remote attacke...

Same vulnerability type (CWE-134)
CVE-2023-5746 9.8

A format string vulnerability in Synology camera firmware allows remote attackers to execute arbitra...

Same vulnerability type (CWE-134)
CVE-2021-20307 9.8

This format string vulnerability in libpano13 allows attackers to read and write arbitrary memory va...

Same vulnerability type (CWE-134)