Signal 2.31.0.25 for iPhone OS

CPE Details

Signal 2.31.0.25 for iPhone OS
signal
signal
2.31.0.25
2018-11-21
14h09 +00:00
2018-11-21
14h09 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:signal:signal:2.31.0.25:*:*:*:*:iphone_os:*:*

Informations

Vendor

signal

Product

signal

Version

2.31.0.25

Target Software

iphone_os

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-28345 2022-04-15 03h28 +00:00 The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively.
7.5
High
CVE-2020-5753 2020-05-20 11h40 +00:00 Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
5.3
Medium