Vulnerability in Wireapp Wire-ios
CVE-2022-23625
Wire-ios is a messaging application using the wire protocol on apple's ios platform. In versions prior to 3.95 malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. T…
EPSS: 0.004 (59.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Wireapp Wire-ios — versions < 3.95
Weakness classification (CWE)
References
- github.com/wireapp/wire-ios/security/advisories/GHSA-rq36-8qfp-79mc (x_refsource_CONFIRM)
- github.com/wireapp/wire-ios-transport/security/advisories/GHSA-3xvh-x964-572h (x_refsource_MISC)
- github.com/wireapp/wire-ios-transport/commit/02e90aa45edaf7eb2d8b97fa2377cd8104… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-23625?
- CVE-2022-23625 is a medium-severity vulnerability in Wireapp Wire-ios, classified under Improper Handling of Exceptional Conditions. CVSS score: 6.5/10. Published 2022-03-11.
- How severe is CVE-2022-23625?
- Medium severity. CVSS v3 base score is 6.5 out of 10.