Always-Incorrect Control Flow Implementation

CVE-2019-17192

High

9.8/10

Summary

The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-670 - Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

References

Advisory Timeline

Published Oct 05, 2019

Always-Incorrect Control Flow Implementation

CVE-2019-17192

Summary

CWE-670 - Always-Incorrect Control Flow Implementation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS