HIGH 7.5
CVE-2019-17191
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected mobile apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| signal | private_messenger | Android | <4.47.7 | cpe:2.3:a:signal:private_messenger:*:*:*:*:*:android:*:* |