216.73.217.64

CVE-2026-49840

· Published 09/06/2026 17:17 · Modified 10/06/2026 15:06

Labels: CVE-2026-49840 2026-06-09CVE-2026-49840CWE-20[email protected]

Essential information

Published
09/06/2026 17:17
Modified
10/06/2026 15:06
Author
Creator
CVSS
9.1 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS metrics

Description

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the result straight to malloc(len + 1) with no sign or magnitude check. A malicious or man-in-the-middle ESL peer can send a frame with a negative Content-Length to corrupt the heap of, or crash, any process linked against libesl, before the client has authenticated to that peer. This issue has been patched in version 1.11.1.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
freeswitch / freeswitch cpe:2.3:a:freeswitch:freeswitch:*:*:*:*:*:*:*:*

References