CVE-2023-48221 – A format string vulnerability in wire-avs (Audi... (How to Fix)

Q: What is the severity of CVE-2023-48221?

CVE-2023-48221 has a CVSS score of 7.3 (HIGH). A format string vulnerability in wire-avs (Audio, Visual, and Signaling component) could allow remote attackers to cause denial of service or potentially execute arbitrary code. This affects Wire secure messaging software users running vulnerable versions of wire-avs. The vulnerability is fixed in patched versions.

📋 TL;DR

A format string vulnerability in wire-avs (Audio, Visual, and Signaling component) could allow remote attackers to cause denial of service or potentially execute arbitrary code. This affects Wire secure messaging software users running vulnerable versions of wire-avs. The vulnerability is fixed in patched versions.

💻 Affected Systems

Products:

Wire secure messaging platform
wire-avs component

Versions: wire-avs versions prior to 9.2.22 and 9.3.5

Operating Systems: All platforms running Wire (Linux, Windows, macOS, mobile)

Default Config Vulnerable: ⚠️ Yes

Notes: All Wire products using vulnerable wire-avs versions are affected. The vulnerability is in the core AVS functionality.

📦 What is this software?

Audio\, Video\, And Signaling by Wire

View all CVEs affecting Audio\, Video\, And Signaling →

Audio\, Video\, And Signaling by Wire

View all CVEs affecting Audio\, Video\, And Signaling →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing Wire AVS functionality to crash, disrupting audio/video calls and signaling.

🟢

If Mitigated

Limited impact with proper network segmentation and patched systems, potentially only service disruption.

🌐 Internet-Facing: HIGH - Wire products often handle external connections for messaging/calls, making internet-facing instances vulnerable.

🏢 Internal Only: MEDIUM - Internal Wire deployments could still be exploited by compromised internal users or lateral movement.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Format string vulnerabilities typically require specific input crafting but can be exploited remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: wire-avs 9.2.22 or 9.3.5

Vendor Advisory: https://github.com/wireapp/wire-avs/security/advisories/GHSA-m4xg-fcr3-w3pq

Restart Required: Yes

Instructions:

1. Update Wire to version including wire-avs 9.2.22 or 9.3.5. 2. Restart Wire services. 3. Verify the update applied correctly.

🔧 Temporary Workarounds

No workarounds available

all

Vendor states no known workarounds exist for this vulnerability

🧯 If You Can't Patch

Isolate Wire instances from untrusted networks using firewall rules.
Implement strict network segmentation to limit potential lateral movement.

🔍 How to Verify

Check if Vulnerable:

Check wire-avs version: For Linux systems, check package version or Wire application version that includes wire-avs.

Check Version:

wire --version or check Wire application settings/about section

Verify Fix Applied:

Verify wire-avs version is 9.2.22 or higher, or 9.3.5 or higher. Check Wire application version matches patched releases.

📡 Detection & Monitoring

Log Indicators:

Unexpected crashes of Wire AVS processes
Abnormal format string patterns in Wire logs
Memory access violation errors

Network Indicators:

Unusual traffic patterns to Wire AVS ports
Malformed signaling packets

SIEM Query:

source="wire-avs" AND (severity="critical" OR message="*format*" OR message="*segfault*")

📊 Metadata

CVE ID: CVE-2023-48221

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H

CWE: CWE-134

Published: November 20, 2023

Last Updated: November 21, 2024

🔗 References

https://github.com/wireapp/wire-avs/commit/364c3326a1331a84607bce2e17126306d39150cd Patch
https://github.com/wireapp/wire-avs/security/advisories/GHSA-m4xg-fcr3-w3pq Patch,Vendor Advisory
https://github.com/wireapp/wire-avs/commit/364c3326a1331a84607bce2e17126306d39150cd Patch
https://github.com/wireapp/wire-avs/security/advisories/GHSA-m4xg-fcr3-w3pq Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-48221, you might also want to check these: