Signal 3.4.0.4 for iPhone OS

CPE Details

Signal 3.4.0.4 for iPhone OS
signal
signal
3.4.0.4
2020-05-29
13h08 +00:00
2020-05-29
13h08 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:signal:signal:3.4.0.4:*:*:*:*:iphone_os:*:*

Informations

Vendor

signal

Product

signal

Version

3.4.0.4

Target Software

iphone_os

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-28345 2022-04-15 03h28 +00:00 The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively.
7.5
High
CVE-2020-5753 2020-05-20 11h40 +00:00 Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
5.3
Medium