CVE & CISA-KEV Catalog

CVE-2022-43543

MEDIUM
5.4
CVSS v3
NVD

Description

KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4

How to fix

Remediation Available
\+ messageNVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2022-43543derived from NVD
Affected:< 54.49.0500Fixed in:54.49.0500CVE-2022-43543derived from NVD
Affected:< 3.9.2Fixed in:3.9.2CVE-2022-43543derived from NVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2022-43543derived from NVD
Affected:< 12.9.5Fixed in:12.9.5CVE-2022-43543derived from NVD
Affected:< 3.9.4Fixed in:3.9.4CVE-2022-43543derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged

Impact

ConfidentialityLow
IntegrityLow
AvailabilityNone

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploit Intelligence

0.49%probability of exploitation in 30 days
39thpercentile

Low risk: more likely to be exploited than 39% of all known CVEs.

References

Third-Party Advisory1

Related Vulnerabilities

Other CWE-116 vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2024-38475Critical9.1100%KEVFix
CVE-2022-36446Critical9.896%-Fix
CVE-2021-31806Medium6.596%-Fix
CVE-2022-30781High7.588%-Fix
CVE-2022-36099Critical9.976%-Fix
CVE-2022-36100Critical9.974%-Fix
Embed a live status badge for CVE-2022-43543
CVE-2022-43543 severity badge

Markdown

[![CVE-2022-43543](https://tridentstack.com/cve/badge/CVE-2022-43543.svg)](https://tridentstack.com/cve/CVE-2022-43543)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-43543"><img src="https://tridentstack.com/cve/badge/CVE-2022-43543.svg" alt="CVE-2022-43543"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-04-16.