MEDIUM 5.3
CVE-2020-5753
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
CVSS v3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| signal | private_messenger | Android | ≤4.59.0 | cpe:2.3:a:signal:private_messenger:*:*:*:*:*:android:*:* |
| signal | signal | iOS | ≤3.8.1.5 | cpe:2.3:a:signal:signal:*:*:*:*:*:iphone_os:*:* |