Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.

Published : 2019-03-24 02:29 Updated : 2019-03-25 20:29


There is no CVSS for this CVE.


There is no CPE for this CVE.


There is no CWE for this CVE.