PT-2018-13416 · Signal · Open Whisper Signal

Nick M. Mckenna · Published 2018-08-29 · Updated 2018-11-08 · CVE-2018-16132

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Open Whisper Signal versions through 2.29.0

Description

The issue arises from the image rendering component, specifically the createGenericPreview function, which fails to check for unreasonably large images before manipulating them. This allows an attacker to send a large image to a user, causing the device to exhaust its available memory when the image is displayed, resulting in a forced restart.

Recommendations

For versions through 2.29.0, as a temporary workaround, consider disabling the image preview feature until a patch is available. Restrict the receipt of large images to minimize the risk of exploitation.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2018-16132

Affected Products

Open Whisper Signal