Lucene search

PRIOn knowledge basePRION:CVE-2022-43543

HistoryDec 21, 2022 - 9:15 a.m.

Design/Logic Flaw

2022-12-2109:15:00

PRIOn knowledge base

www.prio-n.com

kddi +message app

ntt docomo +message app

softbank +message app

unicode control characters

spoofed url

phishing attacks

vulnerability

android

ios

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.0%

JSON

KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character’s specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4

CPENameOperatorVersion
\\+_messagelt3.9.4
\\+_messagelt54.49.0500
\\+_messagelt3.9.2
\\+_messagelt3.9.4
\\+_messagelt12.9.5
\\+_messagelt3.9.4

Name	Operator	Version
\\+_message	lt	3.9.4
\\+_message	lt	54.49.0500
\\+_message	lt	3.9.2
\\+_message	lt	3.9.4
\\+_message	lt	12.9.5
\\+_message	lt	3.9.4

References

jvn.jp/en/jp/JVN43561812/index.html

www.au.com/mobile/service/plus-message/information/

www.docomo.ne.jp/service/plus_message/

www.softbank.jp/mobile/service/plus-message/