Описание
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.59.0 (включая)Версия до 3.8.1.5 (включая)
Одно из
cpe:2.3:a:signal:private_messenger:*:*:*:*:*:android:*:*
cpe:2.3:a:signal:signal:*:*:*:*:*:iphone_os:*:*
EPSS
Процентиль: 46%
0.00232
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-670
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
EPSS
Процентиль: 46%
0.00232
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-670