High severityNVD Advisory· Published Mar 1, 2022· Updated Apr 23, 2025
Use of Externally-Controlled Format String in wire-avs
CVE-2021-41193
Description
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.wire:avsMaven | < 7.1.12 | 7.1.12 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-2j6v-xpf3-xvrvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-41193ghsaADVISORY
- github.com/wireapp/wire-avs/commit/40d373ede795443ae6f2f756e9fb1f4f4ae90bbeghsax_refsource_MISCWEB
- github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrvghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.