Vulnerabilites related to signal - signal
Vulnerability from fkie_nvd
Published
2022-04-15 06:15
Modified
2024-11-21 06:57
Severity ?
Summary
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.malwarebytes.com/social-engineering/2022/03/uri-spoofing-flaw-could-phish-whatsapp-signal-instagram-and-imessage-users/ | Third Party Advisory | |
| cve@mitre.org | https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-42.md | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/zadewg/RIUS | Third Party Advisory | |
| cve@mitre.org | https://sick.codes/sick-2022-42 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.malwarebytes.com/social-engineering/2022/03/uri-spoofing-flaw-could-phish-whatsapp-signal-instagram-and-imessage-users/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-42.md | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/zadewg/RIUS | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sick.codes/sick-2022-42 | Exploit, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:signal:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "A40A9262-F4AF-4C2B-AAAE-019AA0E87976",
"versionEndExcluding": "5.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Signal versiones anteriores a 5.34 para iOS permite una suplantaci\u00f3n de URI por medio de una inyecci\u00f3n de RTLO. Representa incorrectamente las URL codificadas con RTLO que comienzan con un espacio sin romper, cuando se presenta un car\u00e1cter de hash en la URL. Esta t\u00e9cnica permite a un atacante remoto no autenticado enviar enlaces de aspecto leg\u00edtimo, aparentando ser cualquier URL de un sitio web, al abusar de la renderizaci\u00f3n autom\u00e1tica de URLs no http/no https. Un atacante puede falsificar, por ejemplo, example.com, y enmascarar cualquier URL con un destino malicioso. Un atacante requiere un subdominio como gepj, txt, fdp o xcod, que aparecer\u00edan al rev\u00e9s como jpeg, txt, pdf y docx respectivamente"
}
],
"id": "CVE-2022-28345",
"lastModified": "2024-11-21T06:57:10.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-15T06:15:06.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.malwarebytes.com/social-engineering/2022/03/uri-spoofing-flaw-could-phish-whatsapp-signal-instagram-and-imessage-users/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-42.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zadewg/RIUS"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://sick.codes/sick-2022-42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.malwarebytes.com/social-engineering/2022/03/uri-spoofing-flaw-could-phish-whatsapp-signal-instagram-and-imessage-users/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-42.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/zadewg/RIUS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://sick.codes/sick-2022-42"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-04-10 05:29
Modified
2024-11-21 04:15
Severity ?
Summary
The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://nint.en.do/Signal-Bypass-Screen-locker.php | Broken Link, Third Party Advisory | |
| cve@mitre.org | https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9 | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/signalapp/Signal-iOS/commits/release/2.23.2 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://nint.en.do/Signal-Bypass-Screen-locker.php | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/signalapp/Signal-iOS/commits/release/2.23.2 | Issue Tracking, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:signal:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E791C3AF-A1F9-4564-AAB1-FAE3D608F176",
"versionEndExcluding": "2.23.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Open Whisper Signal, en versiones anteriores a la 2.23.2 para iOS, permite que atacantes cercanos f\u00edsicamente omitan la caracter\u00edstica de bloqueo de pantalla mediante determinadas secuencias r\u00e1pidas de acciones que incluyen la apertura de apps, clics en cancelar y el uso del bot\u00f3n de inicio."
}
],
"id": "CVE-2018-9840",
"lastModified": "2024-11-21T04:15:46.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-10T05:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://nint.en.do/Signal-Bypass-Screen-locker.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/signalapp/Signal-iOS/commits/release/2.23.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "http://nint.en.do/Signal-Bypass-Screen-locker.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/signalapp/Signal-iOS/commits/release/2.23.2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-06 04:15
Modified
2025-09-17 19:21
Severity ?
3.8 (Low) - CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
6.4 (Medium) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view?usp=drivesdk | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.311236 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.311236 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.585069 | Third Party Advisory, VDB Entry | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view | Exploit |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:signal:7.41.4:*:*:*:*:android:*:*",
"matchCriteriaId": "76AE7D44-EC87-40D3-BCD0-F30C35B79CA1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Signal App 7.41.4 para Android. Se ha declarado problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del componente Biometric Authentication Handler. La manipulaci\u00f3n provoca la omisi\u00f3n de un paso cr\u00edtico en la autenticaci\u00f3n. Es posible lanzar el ataque al dispositivo f\u00edsico. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5715",
"lastModified": "2025-09-17T19:21:15.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.4,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.0,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-06T04:15:55.747",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit"
],
"url": "https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view?usp=drivesdk"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.311236"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.311236"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.585069"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit"
],
"url": "https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-304"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-29 22:29
Modified
2024-11-21 03:52
Severity ?
Summary
The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://seclists.org/bugtraq/2018/Aug/57 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2018/Aug/57 | Mailing List, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:signal:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "21BA7940-D19C-49F2-82DF-31F4100F6200",
"versionEndIncluding": "2.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device."
},
{
"lang": "es",
"value": "El componente de renderizado de im\u00e1genes (createGenericPreview) de la aplicaci\u00f3n Open Whisper Signal hasta la versi\u00f3n 2.29.0 para iOS no comprueba si hay im\u00e1genes demasiado grandes antes de manipular las im\u00e1genes recibidas. Esto permite que una imagen grande enviada a un usuario agote toda la memoria disponible cuando se muestra la imagen, lo que resulta en un reinicio forzado del dispositivo."
}
],
"id": "CVE-2018-16132",
"lastModified": "2024-11-21T03:52:07.783",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-29T22:29:00.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2018/Aug/57"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/bugtraq/2018/Aug/57"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-20 14:15
Modified
2024-11-21 05:34
Severity ?
Summary
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2020-33 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-33 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| signal | private_messenger | * | |
| signal | signal | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:signal:private_messenger:*:*:*:*:*:android:*:*",
"matchCriteriaId": "6D4C2970-8FA4-4F09-B53F-43A89A1A0989",
"versionEndIncluding": "4.59.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:signal:signal:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "97DA7B29-5496-46D9-BDAC-F0295C01F720",
"versionEndIncluding": "3.8.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim\u0027s Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined."
},
{
"lang": "es",
"value": "Signal Private Messenger Android versiones v4.59.0 y superiores e iOS versiones v3.8.1.5 y superiores, permiten a alguien que no es contacto remoto llamar al tel\u00e9fono Signal de la v\u00edctima y divulgar el servidor DNS usado actualmente debido al manejo de ICE Candidate antes de que la llamada sea contestada o rechazada."
}
],
"id": "CVE-2020-5753",
"lastModified": "2024-11-21T05:34:32.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-20T14:15:11.673",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2020-33"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-670"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-5753 (GCVE-0-2020-5753)
Vulnerability from cvelistv5
Published
2020-05-20 13:40
Modified
2024-08-04 08:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2020-33 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Signal Private Messenger |
Version: Android versions v4.59.0 and up, iOS versions v3.8.1.5 and up |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:25.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Signal Private Messenger",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android versions v4.59.0 and up, iOS versions v3.8.1.5 and up"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim\u0027s Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-20T13:40:19",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-33"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2020-5753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Signal Private Messenger",
"version": {
"version_data": [
{
"version_value": "Android versions v4.59.0 and up, iOS versions v3.8.1.5 and up"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim\u0027s Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2020-33",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-33"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2020-5753",
"datePublished": "2020-05-20T13:40:19",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:39:25.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5715 (GCVE-0-2025-5715)
Vulnerability from cvelistv5
Published
2025-06-06 03:00
Modified
2025-06-09 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-304 - Missing Critical Step in Authentication
Summary
A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.311236 | vdb-entry | |
| https://vuldb.com/?ctiid.311236 | signature, permissions-required | |
| https://vuldb.com/?submit.585069 | third-party-advisory | |
| https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view?usp=drivesdk | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5715",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T13:48:09.218735Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T13:48:12.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Biometric Authentication Handler"
],
"product": "App",
"vendor": "Signal",
"versions": [
{
"status": "affected",
"version": "7.41.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "S0lidstat3 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Signal App 7.41.4 f\u00fcr Android wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Komponente Biometric Authentication Handler. Mit der Manipulation mit unbekannten Daten kann eine missing critical step in authentication-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 1,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.5,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "Missing Critical Step in Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T03:00:20.411Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311236 | Signal App Biometric Authentication missing critical step in authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.311236"
},
{
"name": "VDB-311236 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311236"
},
{
"name": "Submit #585069 | Signal Signal Android App 7.41.4 (Current) Improper Authentication",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.585069"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1tI0bC8X8546ActlzGlmSU-AhCdD950y4/view?usp=drivesdk"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-05T07:10:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "Signal App Biometric Authentication missing critical step in authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5715",
"datePublished": "2025-06-06T03:00:20.411Z",
"dateReserved": "2025-06-05T05:05:37.304Z",
"dateUpdated": "2025-06-09T13:48:12.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28345 (GCVE-0-2022-28345)
Vulnerability from cvelistv5
Published
2022-04-15 05:28
Modified
2024-08-03 05:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/zadewg/RIUS | x_refsource_MISC | |
| https://sick.codes/sick-2022-42 | x_refsource_MISC | |
| https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-42.md | x_refsource_MISC | |
| https://blog.malwarebytes.com/social-engineering/2022/03/uri-spoofing-flaw-could-phish-whatsapp-signal-instagram-and-imessage-users/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:14.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zadewg/RIUS"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sick.codes/sick-2022-42"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-42.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.malwarebytes.com/social-engineering/2022/03/uri-spoofing-flaw-could-phish-whatsapp-signal-instagram-and-imessage-users/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-20T20:21:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zadewg/RIUS"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sick.codes/sick-2022-42"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-42.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.malwarebytes.com/social-engineering/2022/03/uri-spoofing-flaw-could-phish-whatsapp-signal-instagram-and-imessage-users/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-28345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zadewg/RIUS",
"refsource": "MISC",
"url": "https://github.com/zadewg/RIUS"
},
{
"name": "https://sick.codes/sick-2022-42",
"refsource": "MISC",
"url": "https://sick.codes/sick-2022-42"
},
{
"name": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-42.md",
"refsource": "MISC",
"url": "https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-42.md"
},
{
"name": "https://blog.malwarebytes.com/social-engineering/2022/03/uri-spoofing-flaw-could-phish-whatsapp-signal-instagram-and-imessage-users/",
"refsource": "MISC",
"url": "https://blog.malwarebytes.com/social-engineering/2022/03/uri-spoofing-flaw-could-phish-whatsapp-signal-instagram-and-imessage-users/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-28345",
"datePublished": "2022-04-15T05:28:57",
"dateReserved": "2022-04-02T00:00:00",
"dateUpdated": "2024-08-03T05:56:14.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9840 (GCVE-0-2018-9840)
Vulnerability from cvelistv5
Published
2018-04-10 05:00
Modified
2024-08-05 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9 | x_refsource_MISC | |
| https://github.com/signalapp/Signal-iOS/commits/release/2.23.2 | x_refsource_MISC | |
| http://nint.en.do/Signal-Bypass-Screen-locker.php | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:24:56.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/signalapp/Signal-iOS/commits/release/2.23.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://nint.en.do/Signal-Bypass-Screen-locker.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T04:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/signalapp/Signal-iOS/commits/release/2.23.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://nint.en.do/Signal-Bypass-Screen-locker.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9",
"refsource": "MISC",
"url": "https://github.com/signalapp/Signal-iOS/commit/018a35df7b42b4941cb4dfc9f462b37c3fafd9e9"
},
{
"name": "https://github.com/signalapp/Signal-iOS/commits/release/2.23.2",
"refsource": "MISC",
"url": "https://github.com/signalapp/Signal-iOS/commits/release/2.23.2"
},
{
"name": "http://nint.en.do/Signal-Bypass-Screen-locker.php",
"refsource": "MISC",
"url": "http://nint.en.do/Signal-Bypass-Screen-locker.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-9840",
"datePublished": "2018-04-10T05:00:00",
"dateReserved": "2018-04-07T00:00:00",
"dateUpdated": "2024-08-05T07:24:56.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-16132 (GCVE-0-2018-16132)
Vulnerability from cvelistv5
Published
2018-08-29 22:00
Modified
2024-08-05 10:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2018/Aug/57 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2018/Aug/57"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-29T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/bugtraq/2018/Aug/57"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/bugtraq/2018/Aug/57",
"refsource": "MISC",
"url": "http://seclists.org/bugtraq/2018/Aug/57"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16132",
"datePublished": "2018-08-29T22:00:00",
"dateReserved": "2018-08-29T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}