CRITICAL🇵🇱 Wersja polska

CVE-2019-17192

CVSS 9.8v3.1pub. 2019-10-05upd. 2024-11-21

The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Signal Private Messenger

    APP
    Signal
    ≤ 4.47.7
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2019-17191HIGH7.5ten sam produkt

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answe...

CVE-2020-5753MEDIUM5.3ten sam produkt

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a ...

CVE-2019-9970MEDIUM6.5ten sam produkt

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4...

CVE-2018-3988MEDIUM4.7ten sam produkt

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a us...

CVE-2023-24068HIGH7.8ten sam vendor

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments...