CVE-2019-17191
First published: Sat Oct 05 2019(Updated: )
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Signal Private Messenger Android | <4.47.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-17191?
CVE-2019-17191 is a vulnerability that allows a caller to force a call to be answered in the Signal Private Messenger application before version 4.47.7 for Android.
How severe is CVE-2019-17191?
CVE-2019-17191 is considered high severity with a CVSS score of 7.5.
Which version of Signal Private Messenger for Android is affected by CVE-2019-17191?
The vulnerability affects Signal Private Messenger for Android versions up to but not including 4.47.7.
How can I exploit CVE-2019-17191?
We do not provide information or support for exploiting vulnerabilities. CVE-2019-17191 is a vulnerability that should be addressed and fixed.
How do I fix CVE-2019-17191?
To fix CVE-2019-17191, update Signal Private Messenger for Android to version 4.47.7 or later.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/signal
- canonical/signal private messenger android