CVE-2019-17192

Name of the Vulnerable Software and Affected Versions Signal Private Messenger versions through 4.47.7 for Android

Description The issue is related to the WebRTC component in the Signal Private Messenger application, which processes videoconferencing RTP packets before a callee chooses to answer a call. This behavior might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. The vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.

Recommendations For Signal Private Messenger versions through 4.47.7 for Android, consider disabling the WebRTC component until a design change or further guidance is provided by the vendor. As a temporary workaround, restrict the use of videoconferencing features to minimize the risk of exploitation.