** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.

Published : 2019-10-05 02:15 Updated : 2019-10-10 19:57

CVSS Score More info
Score 7.5 / 10
Vendor Product Version URI
Signal Signal Private Messenger 4.47.7 cpe:/a:signal:signal_private_messenger:4.47.7::~~~android~~
  1. Signal (1) Search CVE
    1. Signal Private Messenger (1) Search CVE
      1. 4.47.7


ID Name Description Links
CWE-20 Improper Input Validation The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program. CVE

History of changes

Date Event
2019-10-10 19:57
2019-10-05 02:15