Описание
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
Ссылки
- ExploitThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.47.7 (исключая)
cpe:2.3:a:signal:private_messenger:*:*:*:*:*:android:*:*
EPSS
Процентиль: 54%
0.00319
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863
Связанные уязвимости
github
больше 3 лет назад
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
EPSS
Процентиль: 54%
0.00319
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863