CVE-2021-41193— Use of Externally-Controlled Format String in wire-avs
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-41193
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Use of Externally-Controlled Format String in wire-avs
Source: NVD (National Vulnerability Database)
Vulnerability Description
wire-avs is the audio visual signaling (AVS) component of Wire, an open-source messenger. A remote format string vulnerability in versions prior to 7.1.12 allows an attacker to cause a denial of service or possibly execute arbitrary code. The issue has been fixed in wire-avs 7.1.12. There are currently no known workarounds.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用外部控制的格式字符串
Source: NVD (National Vulnerability Database)
Vulnerability Title
Wire-AVS 格式化字符串错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Wire-AVS是该存储库是 Wire 源代码的一部分。 Wire-AVS存在格式化字符串错误漏洞,该漏洞允许攻击者可利用该漏洞导致拒绝服务或可能执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2021-41193
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-41193
请登录查看更多情报信息。
- https://github.com/wireapp/wire-avs/security/advisories/GHSA-2j6v-xpf3-xvrvx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-41193
IV. Related Vulnerabilities
Same vendor: wireapp
- CVE-2025-49846
wire-ios accidentally logs message contents - CVE-2025-48066
wire-webapp has no database deletion on client logout - CVE-2025-48061
wire-webapp Has Insufficient Session Invalidation after User - CVE-2023-48221
wire-avs remote format string vulnerability - CVE-2023-22737
wire-server vulnerable to unauthorized removal of Bots from
Same weakness: CWE-134
- CVE-2026-44407
Remote Denial of Service Vulnerability Exists in ZTE Cloud P - CVE-2026-6539
Notepad++ 8.9.3 Format String Injection via nativeLang.xml - CVE-2026-6843
Nano: nano: format string vulnerability leads to denial of s - CVE-2026-3509
CODESYS Control Audit Log Format String DoS - CVE-2026-33210
Ruby JSON has a format string injection vulnerability
V. Comments for CVE-2021-41193
No comments yet