freeswitch

freeswitch copied to clipboard

The project currently includes sources from the MiniUPnP project, located in the freeswitch/libs/miniupnpc/ directory. However those sources are pretty old and contain unpatched vulnerabilities like CVE-2015-6031. If MiniUPnP sources are used somewhere, I recommend updating the MiniUPnP files to the latest version. My report was primarily based on a static analysis tool developed at CAST, which flagged the potential vulnerability due to similarities in the codebase.