Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Signal iOS Client 注入漏洞
Vulnerability Description
Signal iOS Client是Signal开源的一款免费的开源消息传递应用程序。用于与朋友进行简单的私人通信。 Signal for iOS 5.34 版本之前存在安全漏洞,该漏洞源于允许通过 RTLO 注入进行 URI 欺骗。当 URL 中有哈希字符时,它会错误地呈现以不间断空格开头的 RTLO 编码 URL。 未经身份验证的远程攻击者通过滥用 URL 的非 http/非 https 自动呈现来发送看似任何网站 URL 的合法链接。
CVSS Information
N/A
Vulnerability Type
N/A