Vulnerabilites related to signal - private_messenger
Vulnerability from fkie_nvd
Published
2018-12-10 17:29
Modified
2024-11-21 04:06
Severity ?
Summary
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | http://www.securityfocus.com/bid/106207 | Broken Link, Third Party Advisory, VDB Entry | |
| talos-cna@cisco.com | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106207 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | private_messenger | 4.24.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:private_messenger:4.24.8:*:*:*:*:android:*:*",
"matchCriteriaId": "407833ED-FFBA-4F3A-95A7-25377A0E0832",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Signal Messenger for Android 4.24.8 may expose private information when using \"disappearing messages.\" If a user uses the photo feature available in the \"attach file\" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos explotable en la funcionalidad del servidor web de los productos Moxa NPort W2x50A con firmware en versiones anteriores a la 2.2 Build_18082311. Una petici\u00f3n HTTP POST especialmente manipulada en /goform/net_WebPingGetValue puede resultar en la ejecuci\u00f3n de comandos del sistema operativo como usuario root. Esto es similar a CVE-2017-12120."
}
],
"id": "CVE-2018-3988",
"lastModified": "2024-11-21T04:06:26.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-10T17:29:00.270",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106207"
},
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-03-24 02:29
Modified
2024-11-21 04:52
Severity ?
Summary
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/107550 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107550 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | private_messenger | * | |
| signal | signal-desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:private_messenger:*:*:*:*:*:android:*:*",
"matchCriteriaId": "62886A5F-FA19-4E16-8E1E-195302310554",
"versionEndIncluding": "4.35.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal-desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7AB79BE-52F8-409C-99FA-BB273862CDB4",
"versionEndIncluding": "1.23.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets."
},
{
"lang": "es",
"value": "Open Whisper Signal (tambi\u00e9n conocido como Signal-Desktop) hasta la versi\u00f3n 1.23.1, as\u00ed como la aplicaci\u00f3n Signal Private Messenger hasta la versi\u00f3n 4.35.3 para Android, son vulnerables a un ataque hom\u00f3grafo IDN al mostrar mensajes que contienen URL. Esto ocurre debido a que la aplicaci\u00f3n produce un enlace clicable incluso si, por ejemplo, existen caracteres latinos y cir\u00edlicos en el mismo nombre de dominio y la fuente disponible tiene una representaci\u00f3n id\u00e9ntica de caracteres de diferentes alfabetos."
}
],
"id": "CVE-2019-9970",
"lastModified": "2024-11-21T04:52:42.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-24T02:29:00.670",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107550"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-20 14:15
Modified
2024-11-21 05:34
Severity ?
Summary
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2020-33 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-33 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | private_messenger | * | |
| signal | signal | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:private_messenger:*:*:*:*:*:android:*:*",
"matchCriteriaId": "6D4C2970-8FA4-4F09-B53F-43A89A1A0989",
"versionEndIncluding": "4.59.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "97DA7B29-5496-46D9-BDAC-F0295C01F720",
"versionEndIncluding": "3.8.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim\u0027s Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined."
},
{
"lang": "es",
"value": "Signal Private Messenger Android versiones v4.59.0 y superiores e iOS versiones v3.8.1.5 y superiores, permiten a alguien que no es contacto remoto llamar al tel\u00e9fono Signal de la v\u00edctima y divulgar el servidor DNS usado actualmente debido al manejo de ICE Candidate antes de que la llamada sea contestada o rechazada."
}
],
"id": "CVE-2020-5753",
"lastModified": "2024-11-21T05:34:32.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-20T14:15:11.673",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-33"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-670"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-05 02:15
Modified
2024-11-21 04:31
Severity ?
Summary
The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=1936 | Third Party Advisory | |
| cve@mitre.org | https://news.ycombinator.com/item?id=21161432 | Third Party Advisory | |
| cve@mitre.org | https://twitter.com/moxie/status/1180226374851710976 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1936 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://news.ycombinator.com/item?id=21161432 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/moxie/status/1180226374851710976 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | private_messenger | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:private_messenger:*:*:*:*:*:android:*:*",
"matchCriteriaId": "8838ED9C-7AAE-41A7-A8FF-4C5642252409",
"versionEndIncluding": "4.47.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs"
},
{
"lang": "es",
"value": "** EN DISPUTA ** El componente WebRTC en la aplicaci\u00f3n Signal Private Messenger versiones hasta 4.47.7 para Android, procesa paquetes RTP de videoconferencia antes de que una persona que llama elija responder una llamada, lo que podr\u00eda hacer mas f\u00e1cil para los atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado por medio de paquetes malformados. NOTA: el proveedor planea seguir con este comportamiento por razones de rendimiento a menos de que ocurra un cambio en el dise\u00f1o de WebRTC."
}
],
"id": "CVE-2019-17192",
"lastModified": "2024-11-21T04:31:50.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-05T02:15:11.377",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1936"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=21161432"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/moxie/status/1180226374851710976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=21161432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/moxie/status/1180226374851710976"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-670"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-05 02:15
Modified
2024-11-21 04:31
Severity ?
Summary
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.chromium.org/p/project-zero/issues/detail?id=1943 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://news.ycombinator.com/item?id=21161432 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://twitter.com/moxie/status/1180261210341511168 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.chromium.org/p/project-zero/issues/detail?id=1943 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://news.ycombinator.com/item?id=21161432 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/moxie/status/1180261210341511168 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | private_messenger | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:private_messenger:*:*:*:*:*:android:*:*",
"matchCriteriaId": "843D1ABD-4EB8-4BAF-987D-6A51D11C2C10",
"versionEndExcluding": "4.47.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Signal Private Messenger versiones anteriores a 4.47.7 para Android, permite a la persona que llama forzar una llamada para ser respondida, sin interacci\u00f3n del usuario llamado, por medio de un mensaje de conexi\u00f3n. La existencia de la llamada es notable para la persona que llama; sin embargo, el canal de audio puede estar abierto antes de que la persona que llama pueda bloquear las escuchas."
}
],
"id": "CVE-2019-17191",
"lastModified": "2024-11-21T04:31:50.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-05T02:15:11.300",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1943"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=21161432"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/moxie/status/1180261210341511168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=21161432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/moxie/status/1180261210341511168"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-9970 (GCVE-0-2019-9970)
Vulnerability from cvelistv5
Published
2019-03-24 01:52
Modified
2024-08-04 22:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/107550 | vdb-entry, x_refsource_BID | |
| https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107550",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107550"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T19:14:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "107550",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107550"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107550"
},
{
"name": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt",
"refsource": "MISC",
"url": "https://github.com/blazeinfosec/advisories/blob/master/signal-advisory.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9970",
"datePublished": "2019-03-24T01:52:33",
"dateReserved": "2019-03-23T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5753 (GCVE-0-2020-5753)
Vulnerability from cvelistv5
Published
2020-05-20 13:40
Modified
2024-08-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2020-33 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Signal Private Messenger |
Version: Android versions v4.59.0 and up, iOS versions v3.8.1.5 and up |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Signal Private Messenger",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android versions v4.59.0 and up, iOS versions v3.8.1.5 and up"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim\u0027s Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-20T13:40:19",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2020-5753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Signal Private Messenger",
"version": {
"version_data": [
{
"version_value": "Android versions v4.59.0 and up, iOS versions v3.8.1.5 and up"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim\u0027s Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-33",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2020-5753",
"datePublished": "2020-05-20T13:40:19",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3988 (GCVE-0-2018-3988)
Vulnerability from cvelistv5
Published
2018-12-10 17:00
Modified
2024-08-05 04:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- privacy violation
Summary
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/106207 | vdb-entry, x_refsource_BID | |
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106207",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106207"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Signal",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Signal Messenger Android 4.24.8"
}
]
}
],
"datePublic": "2018-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Signal Messenger for Android 4.24.8 may expose private information when using \"disappearing messages.\" If a user uses the photo feature available in the \"attach file\" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privacy violation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:07:36",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "106207",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106207"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Signal",
"version": {
"version_data": [
{
"version_value": "Signal Messenger Android 4.24.8"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Signal Messenger for Android 4.24.8 may expose private information when using \"disappearing messages.\" If a user uses the photo feature available in the \"attach file\" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system."
}
]
},
"impact": {
"cvss": {
"baseScore": 3.3,
"baseSeverity": "Low",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privacy violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106207"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3988",
"datePublished": "2018-12-10T17:00:00",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-08-05T04:57:24.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17192 (GCVE-0-2019-17192)
Vulnerability from cvelistv5
Published
2019-10-05 01:13
Modified
2024-08-05 01:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs
References
| ▼ | URL | Tags |
|---|---|---|
| https://news.ycombinator.com/item?id=21161432 | x_refsource_MISC | |
| https://twitter.com/moxie/status/1180226374851710976 | x_refsource_MISC | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1936 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=21161432"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/moxie/status/1180226374851710976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-05T01:13:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=21161432"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/moxie/status/1180226374851710976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1936"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://news.ycombinator.com/item?id=21161432",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=21161432"
},
{
"name": "https://twitter.com/moxie/status/1180226374851710976",
"refsource": "MISC",
"url": "https://twitter.com/moxie/status/1180226374851710976"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1936",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1936"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17192",
"datePublished": "2019-10-05T01:13:31",
"dateReserved": "2019-10-05T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17191 (GCVE-0-2019-17191)
Vulnerability from cvelistv5
Published
2019-10-05 01:15
Modified
2024-08-05 01:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
References
| ▼ | URL | Tags |
|---|---|---|
| https://news.ycombinator.com/item?id=21161432 | x_refsource_MISC | |
| https://twitter.com/moxie/status/1180261210341511168 | x_refsource_MISC | |
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1943 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=21161432"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/moxie/status/1180261210341511168"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-05T01:15:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=21161432"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/moxie/status/1180261210341511168"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://news.ycombinator.com/item?id=21161432",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=21161432"
},
{
"name": "https://twitter.com/moxie/status/1180261210341511168",
"refsource": "MISC",
"url": "https://twitter.com/moxie/status/1180261210341511168"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1943",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17191",
"datePublished": "2019-10-05T01:15:51",
"dateReserved": "2019-10-05T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}