Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2021-41193

CRITICAL
Published 2022-03-01T18:25:22.000Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2021-41193. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
9.8
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.015
probability
of exploitation in the wild

There is a 1.5% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.805
Higher than 80.5% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

wireapp

wire-avs

Affected Versions:

< 7.1.12

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Use of Externally-Controlled Format String in wire-avs

GHSA-2j6v-xpf3-xvrv

Advisory Details

### Impact A remote format string vulnerability allowed an attacker to cause a denial of service or possibly execute arbitrary code. ### Patches * The issue has been fixed in wire-avs 7.1.12 and is already included on all Wire products (currently used version is 8.0.x) ### Workarounds * No workaround known ### References * Fixed in commit https://github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90bbe ### For more information If you have any questions or comments about this advisory feel free to email us at [[email protected]](mailto:[email protected])

Affected Packages

Maven com.wire:avs
ECOSYSTEM: ≥0 <7.1.12

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

WEB https://github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrv
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-41193
WEB https://github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90bbe
WEB https://github.com/wireapp/wire-avs

Advisory provided by GitHub Security Advisory Database. Published: March 1, 2022, Modified: March 10, 2022

References

https://github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrv
https://github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90bbe
Published: 2022-03-01T18:25:22.000Z
Last Modified: 2025-04-23T18:59:49.177Z
Copied to clipboard!