Vulnerability in KDDI, NTT DOCOMO, and SoftBank Messaging Applications
CVE-2022-43543

5.4 MEDIUM

What is CVE-2022-43543?

The +Message apps from KDDI, NTT DOCOMO, and SoftBank process Unicode control characters incorrectly. Because of this flaw, the applications can display processed text inaccurately, so a web link shown to the user may be misleading. An attacker can craft message text that displays a deceptive URL, which enables phishing attacks. Users of affected versions should be aware of this risk and take appropriate measures.
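A defensive check for the class of issue described above, as an added example that is not code from the +Message apps or from the advisory: it flags links in message text that contain Unicode control or format characters and shows the escaped form a reviewer can read safely. The set of characters treated as suspicious (general categories Cf and Cc) and all function names are assumptions, since the advisory does not list the specific characters involved.

```python
import re
import unicodedata

# Assumption: the advisory does not name the characters involved, so this check
# treats every code point in category Cf (format: bidi overrides, zero-width
# characters) or Cc (C0/C1 controls) as suspicious when it appears in a link.
SUSPICIOUS_CATEGORIES = {"Cf", "Cc"}
ALLOWED = {"\n", "\r", "\t"}  # ordinary whitespace controls

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def control_chars(text):
    """Return [(index, 'U+XXXX', name)] for each suspicious code point."""
    hits = []
    for i, ch in enumerate(text):
        if ch not in ALLOWED and unicodedata.category(ch) in SUSPICIOUS_CATEGORIES:
            name = unicodedata.name(ch, "<unnamed control>")
            hits.append((i, f"U+{ord(ch):04X}", name))
    return hits


def audit_message(text):
    """Flag each URL-like token that contains a suspicious code point."""
    findings = []
    for m in URL_RE.finditer(text):
        hits = control_chars(m.group())
        if hits:
            escaped = m.group().encode("unicode_escape").decode("ascii")
            findings.append({"start": m.start(), "chars": hits, "escaped": escaped})
    return findings


def sanitize(text):
    """Strip suspicious code points so rendered text matches logical text."""
    return "".join(
        ch for ch in text
        if ch in ALLOWED or unicodedata.category(ch) not in SUSPICIOUS_CATEGORIES
    )


# Constructed sample messages (not taken from the advisory).
CLEAN = "Your parcel: https://example.com/track?id=42"
TAMPERED = "Your parcel: https://example.com/\u202etrack\u200b?id=42"

if __name__ == "__main__":
    for msg in (CLEAN, TAMPERED):
        print(audit_message(msg) or "no control characters in links")
```

The check only inspects the URL token itself; category Cf also covers characters with legitimate uses elsewhere in a message (for example the zero-width joiner in emoji sequences), which is why it is not applied to the whole text.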

Affected Version(s)

KDDI +Message App for Android and for iOS, NTT DOCOMO +Message App for Android and for iOS, and SoftBank +Message App for Android and for iOS

  • KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4

  • NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4

  • SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
