MEDIUM🇵🇱 Wersja polska

CVE-2020-5753

CVSS 5.3v3.1pub. 2020-05-20upd. 2024-11-21

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Signal Private Messenger

    APP
    Signal
    ≤ 4.59.0
  • Signal

    APP
    Signal
    ≤ 3.8.1.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-17192CRITICAL9.8ten sam produkt

The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videocon...

CVE-2022-28345HIGH7.5ten sam produkt

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded...

CVE-2019-17191HIGH7.5ten sam produkt

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answe...

CVE-2018-16132HIGH8.6ten sam produkt

The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fai...

CVE-2019-9970MEDIUM6.5ten sam produkt

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4...