{
  "schema_version": "1.4.0",
  "id": "GHSA-jxxq-8qw2-56g4",
  "modified": "2025-04-16T18:31:30Z",
  "published": "2022-12-21T09:30:25Z",
  "aliases": [
    "CVE-2022-43543"
  ],
  "details": "KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
    }
  ],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43543"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN43561812/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.au.com/mobile/service/plus-message/information"
    },
    {
      "type": "WEB",
      "url": "https://www.docomo.ne.jp/service/plus_message"
    },
    {
      "type": "WEB",
      "url": "https://www.softbank.jp/mobile/service/plus-message"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-116"
    ],
    "severity": "MODERATE",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-21T09:15:00Z"
  }
}