CVE-2018-3988: Infoleak
First published: Mon Dec 10 2018(Updated: )
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Signal Private Messenger Android | =4.24.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-3988?
CVE-2018-3988 is a vulnerability in Signal Messenger for Android 4.24.8 that may expose private information when using disappearing messages.
How does CVE-2018-3988 affect Signal Messenger for Android 4.24.8?
CVE-2018-3988 affects Signal Messenger for Android 4.24.8 by leaving pictures in its cache directory, which can be accessed by any application on the system.
What is the severity of CVE-2018-3988?
CVE-2018-3988 has a severity value of 4.7 (medium).
How can I fix the CVE-2018-3988 vulnerability?
To fix the CVE-2018-3988 vulnerability, it is recommended to update Signal Messenger for Android to a version that addresses this issue.
Are there any references regarding CVE-2018-3988?
Yes, you can find more information about CVE-2018-3988 at the following references: - [SecurityFocus link](http://www.securityfocus.com/bid/106207) - [Talos Intelligence link](https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0656)
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/signal
- canonical/signal private messenger android
- version/signal private messenger android/4.24.8