Signal 2.24.0.7 for iPhone OS

CPE Details

Signal 2.24.0.7 for iPhone OS
signal
signal
2.24.0.7
2018-05-17
10h55 +00:00
2018-05-17
10h55 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:signal:signal:2.24.0.7:*:*:*:*:iphone_os:*:*

Informations

Vendor

signal

Product

signal

Version

2.24.0.7

Target Software

iphone_os

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-28345 2022-04-15 03h28 +00:00 The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively.
7.5
High
CVE-2020-5753 2020-05-20 11h40 +00:00 Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
5.3
Medium
CVE-2018-16132 2018-08-29 20h00 +00:00 The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the image is displayed, resulting in a forced restart of the device.
8.6
High