CVE-2021-32666— Asset DoS vulnerability

Asset DoS vulnerability

wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character, it will cause the iOS client to crash. The vulnerability is patched in wire-ios version 3.8.1.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

输入验证不恰当

wireapp wire-ios 输入验证错误漏洞

Wire是个人开发者的一款聊天软件。该软件支持 Web、WindowsiOS、Android、OS X 平台，有群组功能，可以语音通话，发送照片以及其独创性的打招呼方式 PING。 wireapp wire-ios存在安全漏洞，该漏洞源于Wire-iOS 3.8.0版本及之前的版本中，存在一个可以导致用户之间拒绝服务的漏洞。如果如果用户头像的assetID无效，并且包含"字符，它将导致iOS客户端崩溃。

N/A

N/A