HIGH🇬🇧 English

CVE-2019-17191

CVSS 7.5v3.1pub. 2019-10-05upd. 2024-11-21

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Signal Private Messenger

    APP
    Signal
    < 4.47.7
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2019-17192CRITICAL9.8ten sam produkt

The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videocon...

CVE-2020-5753MEDIUM5.3ten sam produkt

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a ...

CVE-2019-9970MEDIUM6.5ten sam produkt

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4...

CVE-2018-3988MEDIUM4.7ten sam produkt

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a us...

CVE-2023-24068HIGH7.8ten sam vendor

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments...

CVE-2019-17191 — HIGH 7.5 | CVEbaza.pl