{"id":"CVE-2020-27853","details":"Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c.","modified":"2026-04-10T04:26:40.165057Z","published":"2020-10-27T18:15:12.620Z","references":[{"type":"EVIDENCE","url":"http://github.security.telekom.com/2020/11/wire-secure-messenger-format-string-vulnerability.html"},{"type":"EVIDENCE","url":"https://github.com/wireapp/wire-audio-video-signaling/issues/23#issuecomment-710075689"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wireapp/wire-desktop","events":[{"introduced":"0"},{"fixed":"72df6348883d2d0fbb08fc0725ef42ac89d5e946"},{"introduced":"0"},{"fixed":"72df6348883d2d0fbb08fc0725ef42ac89d5e946"},{"introduced":"0"},{"fixed":"72df6348883d2d0fbb08fc0725ef42ac89d5e946"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.21.2936"},{"introduced":"0"},{"fixed":"3.21.3932"},{"introduced":"0"},{"fixed":"3.21.3959"}]}}],"versions":["1.0.0","linux/3.12.2916","linux/3.16.2923","linux/3.17.2924","linux/3.5.2881","linux/3.6.2885","linux/3.7.2891","linux/3.8.2894","linux/3.9.2895","macos/2.15.2750","macos/2907","macos/3.12.3490","macos/3.16.3630","macos/3.17.3666","macos/3.6.2923","macos/3.7.2930","macos/3.8.2940","macos/3.9.2943","release/2.10.2650","release/2.10.2651","release/2.10.2653","release/2.10.2654","release/2.11.2655","release/2.11.2656","release/2.11.2657","release/2.11.2658","release/2.11.2659","release/2.11.2660","release/2.11.2661","release/2.11.2662","release/2.11.2663","release/2.11.2664","release/2.11.2665","release/2.11.2666","release/2.11.2667","release/2.11.2668","release/2.11.2669","release/2.11.2670","release/2.11.2671","release/2.11.2672","release/2.11.2673","release/2.11.2674","release/2.11.2675","release/2.11.2676","release/2.11.2677","release/2.11.2678","release/2.11.2679","release/2.11.2680","release/2.11.2681","release/2.11.2682","release/2.11.2683","release/2.11.2684","release/2.11.2685","release/2.11.2686","release/2.11.2687","release/2.11.2688","release/2.11.2689","release/2.11.2690","release/2.11.2691","release/2.11.2692","release/2.11.2693","release/2.11.2694","release/2.11.2695","release/2.11.2696","release/2.11.2697","release/2.11.2698","release/2.11.2699","release/2.11.2700","release/2.11.2701","release/2.11.2702","release/2.11.2703","release/2.11.2704","release/2.11.2705","release/2.11.2706","release/2.11.2708","release/2.11.2709","release/2.11.2710","release/2.11.2711","release/2.11.2712","release/2.11.2713","release/2.11.2714","release/2.11.2715","release/2.11.2716","release/2.11.2717","release/2.11.2718","release/2.11.2719","release/2.11.2720","release/2.11.2721","release/2.11.2722","release/2.11.2723","release/2.12.2725","release/2.12.2726","release/2.12.2727","release/2.12.2728","release/2.12.2729","release/2.13.2724","release/2.13.2730","release/2.13.2731","release/2.13.2732","release/2.13.2733","release/2.13.2734","release/2.13.2735","release/2.13.2736","release/2.13.2737","release/2.13.2738","release/2.13.2739","release/2.13.2740","release/2.13.2741","release/2.13.2742","release/2.14.2743","release/2.14.2744","release/2.15.2745","release/2.15.2746","release/2.15.2747","release/2.15.2748","release/2.15.2749","release/2.15.2750","release/2.15.2751","release/2.16.2806","release/2.17.2808","release/2.17.2813","release/2.9.2644","release/2.9.2645","release/2.9.2646","release/2.9.2647","release/2.9.2648","release/2.9.2649","release/2883","release/2899","release/3.0.2814","release/3.0.2816","release/3.0.2828","release/3.1.2822","release/3.2.2840","release/3.2.2860","release/3.3.2862","release/3.3.2868","release/3.3.2872","release/3.4.2879","release/3.4.2883","release/3.4.2885","windows/3.12.3423","windows/3.16.3562","windows/3.17.3598","windows/3.5.2899","windows/3.6.2908","windows/3.7.2917","windows/3.8.2927","windows/3.9.2928"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"5.3"},{"fixed":"6.4"}]},{"events":[{"introduced":"0"},{"fixed":"3.49.918"}]},{"events":[{"introduced":"0"},{"fixed":"3.61"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27853.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}