Security Vulnerabilities
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-06-09
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the result straight to malloc(len + 1) with no sign or magnitude check. A malicious or man-in-the-middle ESL peer can send a frame with a negative Content-Length to corrupt the heap of, or crash, any process linked against libesl, before the client has authenticated to that peer. This issue has been patched in version 1.11.1.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-06-09
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. This issue has been patched in version 1.11.1.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-06-09
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-06-09
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVSS Score
7.9
EPSS Score
0.001
Published
2026-06-09
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVSS Score
7.9
EPSS Score
0.003
Published
2026-06-09
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVSS Score
7.9
EPSS Score
0.001
Published
2026-06-09
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.001
Published
2026-06-09
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.012
Published
2026-06-09
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVSS Score
5.5
EPSS Score
0.001
Published
2026-06-09

