CVE-2023-40018: 
FreeSWITCH vulnerability analysis and mitigation

FreeSWITCH, a Software Defined Telecom Stack, was found to contain a critical vulnerability (CVE-2023-40018) prior to version 1.10.10. The vulnerability allows remote users to trigger an out-of-bounds write by offering an ICE candidate with an unknown component ID. This security issue was discovered and disclosed on September 15, 2023 (NVD, GitHub Advisory).

The vulnerability occurs when an SDP (Session Description Protocol) is offered with ICE candidates containing unknown component IDs, causing FreeSWITCH to perform an out-of-bounds write to its arrays. The issue can be triggered using ICE candidates with component IDs such as 0, x, or 100. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 HIGH, with attack vector: Network, attack complexity: Low, privileges required: None, user interaction: None, scope: Unchanged, confidentiality: None, integrity: None, and availability: High (GitHub Advisory).

By exploiting this vulnerability, an attacker can corrupt FreeSWITCH memory, leading to undefined behavior of the system or causing it to crash. The primary impact is on system availability, with no direct effect on confidentiality or integrity (GitHub Advisory).

The vulnerability has been patched in FreeSWITCH version 1.10.10. Users are strongly encouraged to upgrade to this version or later to address the security issue. The fix was released as part of a major update that included critical security fixes and other improvements (Release Notes).