← Back

CVE-2026-49847

nvd nist
Published: Jun 9, 2026Modified: Jun 10, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: security-advisories@github.com (Secondary)

Description

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes the FreeSWITCH process via stack overflow, terminating all calls and sessions on the host. The recursion drives the worker thread's stack pointer into the stack guard page, raising SIGSEGV from the kernel before any usable write primitive develops. This issue has been patched in version 1.11.1.

Affected (1)

Freeswitch
1 product
Freeswitch
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Freeswitch
Before 1.11.1

Related CWEs

CWE-674
Uncontrolled Recursion
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (2)

Source: security-advisories@github.com
Release Notes
Source: security-advisories@github.com
Third Party Advisory

Timeline

No history available yet.