CVE-2019-17192 - Always-Incorrect Control Flow Implementation vulnerability in Signal Private Messenger
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.
References
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1936
- https://news.ycombinator.com/item?id=21161432
- https://twitter.com/moxie/status/1180226374851710976