Vulnerability-Lookup

CNVD-2022-27551

Vulnerability from cnvd - Published: 2022-04-11

Title

Facebook Instagram输入验证错误漏洞

Description

Instagram（照片墙）是一款运行在移动端上的社交应用，以一种快速、美妙和有趣的方式将你随时抓拍下的图片彼此分享。 Facebook Instagram存在输入验证错误漏洞，该漏洞源于无法正确向用户呈现URI消息，攻击者可利用漏洞导致通过特制消息进行URI欺骗。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://github.com/zadewg/RIUS

Reference

https://cxsecurity.com/cveshow/CVE-2020-20094/

Impacted products

Name
['Facebook Instagram Android <=107.0.0.11', 'Facebook Instagram iOS <=106.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-20094"
    }
  },
  "description": "Instagram\uff08\u7167\u7247\u5899\uff09\u662f\u4e00\u6b3e\u8fd0\u884c\u5728\u79fb\u52a8\u7aef\u4e0a\u7684\u793e\u4ea4\u5e94\u7528\uff0c\u4ee5\u4e00\u79cd\u5feb\u901f\u3001\u7f8e\u5999\u548c\u6709\u8da3\u7684\u65b9\u5f0f\u5c06\u4f60\u968f\u65f6\u6293\u62cd\u4e0b\u7684\u56fe\u7247\u5f7c\u6b64\u5206\u4eab\u3002\n\nFacebook Instagram\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u65e0\u6cd5\u6b63\u786e\u5411\u7528\u6237\u5448\u73b0URI\u6d88\u606f\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u5bfc\u81f4\u901a\u8fc7\u7279\u5236\u6d88\u606f\u8fdb\u884cURI\u6b3a\u9a97\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://github.com/zadewg/RIUS",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-27551",
  "openTime": "2022-04-11",
  "products": {
    "product": [
      "Facebook Instagram Android \u003c=107.0.0.11",
      "Facebook Instagram iOS \u003c=106.0"
    ]
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2020-20094/",
  "serverity": "\u4e2d",
  "submitTime": "2022-03-28",
  "title": "Facebook Instagram\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2020-20094 (GCVE-0-2020-20094)

Vulnerability from cvelistv5 – Published: 2022-03-23 21:27 – Updated: 2024-08-04 14:15

Summary

Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/zadewg/RIUS	x_refsource_MISC
	http://packetstormsecurity.com/files/166448/RTLO-…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:15:28.887Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zadewg/RIUS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-25T16:06:17.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zadewg/RIUS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-20094",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/zadewg/RIUS",
              "refsource": "MISC",
              "url": "https://github.com/zadewg/RIUS"
            },
            {
              "name": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/166448/RTLO-Injection-URI-Spoofing.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-20094",
    "datePublished": "2022-03-23T21:27:46.000Z",
    "dateReserved": "2020-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T14:15:28.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-27551

CVE-2020-20094 (GCVE-0-2020-20094)

Tags

Sightings

Nomenclature