All the vulnerabilites related to Facebook - WhatsApp Business for iOS
cve-2018-6350
Vulnerability from cvelistv5
Published
2019-06-14 17:02
Modified
2024-08-05 06:01
Severity ?
EPSS score ?
Summary
An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2018-6350/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108803 | vdb-entry, x_refsource_BID |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
},
{
"name": "108803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.276"
},
{
"lessThan": "2.18.276",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.99"
},
{
"lessThan": "2.18.99",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.100.6"
},
{
"lessThan": "2.18.100.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.100.2"
},
{
"lessThan": "2.18.100.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Windows Phone",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.224"
},
{
"lessThan": "2.18.224",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T16:06:03",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
},
{
"name": "108803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108803"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-12-30",
"ID": "CVE-2018-6350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.276"
},
{
"version_affected": "\u003c",
"version_value": "2.18.276"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.99"
},
{
"version_affected": "\u003c",
"version_value": "2.18.99"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.100.6"
},
{
"version_affected": "\u003c",
"version_value": "2.18.100.6"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.100.2"
},
{
"version_affected": "\u003c",
"version_value": "2.18.100.2"
}
]
}
},
{
"product_name": "WhatsApp for Windows Phone",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.224"
},
{
"version_affected": "\u003c",
"version_value": "2.18.224"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2018-6350/",
"refsource": "MISC",
"url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
},
{
"name": "108803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108803"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2018-6350",
"datePublished": "2019-06-14T17:02:57",
"dateReserved": "2018-01-26T00:00:00",
"dateUpdated": "2024-08-05T06:01:48.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1908
Vulnerability from cvelistv5
Published
2020-11-03 19:15
Modified
2024-08-04 06:53
Severity ?
EPSS score ?
Summary
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.whatsapp.com/security/advisories/2020/ | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| WhatsApp Business for iOS | ||
| WhatsApp for iOS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.100"
},
{
"lessThan": "2.20.100",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.100"
},
{
"lessThan": "2.20.100",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2020-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-03T19:15:16",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-11-03",
"ID": "CVE-2020-1908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.100"
},
{
"version_affected": "\u003c",
"version_value": "2.20.100"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.100"
},
{
"version_affected": "\u003c",
"version_value": "2.20.100"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2020/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2020-1908",
"datePublished": "2020-11-03T19:15:16",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11931
Vulnerability from cvelistv5
Published
2019-11-14 22:55
Modified
2024-08-04 23:10
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2019-11931 | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:29.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-11931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.274"
},
{
"lessThan": "2.19.274",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.100"
},
{
"lessThan": "2.19.100",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Windows Phone",
"vendor": "Facebook",
"versions": [
{
"lessThanOrEqual": "2.18.368",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Enterprise Client",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.25.3"
},
{
"lessThan": "2.25.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.104"
},
{
"lessThan": "2.19.104",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.100"
},
{
"lessThan": "2.19.100",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T22:55:52",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-11931"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-11-14",
"ID": "CVE-2019-11931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.274"
},
{
"version_affected": "\u003c",
"version_value": "2.19.274"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.100"
},
{
"version_affected": "\u003c",
"version_value": "2.19.100"
}
]
}
},
{
"product_name": "WhatsApp for Windows Phone",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.18.368"
}
]
}
},
{
"product_name": "WhatsApp Enterprise Client",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.25.3"
},
{
"version_affected": "\u003c",
"version_value": "2.25.3"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.104"
},
{
"version_affected": "\u003c",
"version_value": "2.19.104"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.100"
},
{
"version_affected": "\u003c",
"version_value": "2.19.100"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2019-11931",
"refsource": "CONFIRM",
"url": "https://www.facebook.com/security/advisories/cve-2019-11931"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2019-11931",
"datePublished": "2019-11-14T22:55:52",
"dateReserved": "2019-05-13T00:00:00",
"dateUpdated": "2024-08-04T23:10:29.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38538
Vulnerability from cvelistv5
Published
2023-10-04 19:10
Modified
2024-09-19 15:27
Severity ?
EPSS score ?
Summary
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.whatsapp.com/security/advisories/2023/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2023/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38538",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:27:40.316899Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:27:48.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "WhatsApp Desktop for Mac",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.2338.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "WhatsApp Desktop for Windows",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.2320.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.23.10.77",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.23.10.77",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.23.10.77",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.23.10.77",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2023-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-416, CWE-366",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T19:10:49.627Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2023/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2023-38538",
"datePublished": "2023-10-04T19:10:49.627Z",
"dateReserved": "2023-07-19T20:34:49.827Z",
"dateUpdated": "2024-09-19T15:27:48.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-24042
Vulnerability from cvelistv5
Published
2022-01-04 18:55
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.whatsapp.com/security/advisories/2021/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Desktop",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.2146",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.2146",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for KaiOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.2143",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.2143",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.230",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.230",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.230",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.230",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.23",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.23",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.23",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.23",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-04T18:55:08",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-11-09",
"ID": "CVE-2021-24042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Desktop",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.2146"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.2146"
}
]
}
},
{
"product_name": "WhatsApp for KaiOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.2143"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.2143"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.230"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.230"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.230"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.230"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.23"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.23"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.23"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.23"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24042",
"datePublished": "2022-01-04T18:55:08",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-3568
Vulnerability from cvelistv5
Published
2019-05-14 19:52
Modified
2024-08-04 19:12
Severity ?
EPSS score ?
Summary
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2019-3568 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108329 | vdb-entry, x_refsource_BID |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-3568"
},
{
"name": "108329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108329"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.134"
},
{
"lessThan": "2.19.134",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.44"
},
{
"lessThan": "2.19.134",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.51"
},
{
"lessThan": "2.19.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.51"
},
{
"lessThan": "2.19.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Windows Phone",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.348"
},
{
"lessThan": "2.18.348",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Tizen",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.15"
},
{
"lessThan": "2.18.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T20:57:11",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-3568"
},
{
"name": "108329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-05-09",
"ID": "CVE-2019-3568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.134"
},
{
"version_affected": "\u003c",
"version_value": "2.19.134"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.44"
},
{
"version_affected": "\u003c",
"version_value": "2.19.134"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.51"
},
{
"version_affected": "\u003c",
"version_value": "2.19.51"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.51"
},
{
"version_affected": "\u003c",
"version_value": "2.19.51"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Windows Phone",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.348"
},
{
"version_affected": "\u003c",
"version_value": "2.18.348"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Tizen",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.15"
},
{
"version_affected": "\u003c",
"version_value": "2.18.15"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2019-3568",
"refsource": "MISC",
"url": "https://www.facebook.com/security/advisories/cve-2019-3568"
},
{
"name": "108329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2019-3568",
"datePublished": "2019-05-14T19:52:40",
"dateReserved": "2019-01-02T00:00:00",
"dateUpdated": "2024-08-04T19:12:09.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-24026
Vulnerability from cvelistv5
Published
2021-04-06 16:45
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.whatsapp.com/security/advisories/2021/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.32",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.32",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T16:45:15",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-04-06",
"ID": "CVE-2021-24026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.32"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.32"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.3"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.3"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24026",
"datePublished": "2021-04-06T16:45:15",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1907
Vulnerability from cvelistv5
Published
2020-10-06 17:35
Modified
2024-08-04 06:53
Severity ?
EPSS score ?
Summary
A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.whatsapp.com/security/advisories/2020/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.196.16"
},
{
"lessThan": "2.20.196.16",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.196.12"
},
{
"lessThan": "2.20.196.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.90"
},
{
"lessThan": "2.20.90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.90"
},
{
"lessThan": "2.20.90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Portal",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "173.0.0.29.505"
},
{
"lessThan": "173.0.0.29.505",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2020-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T17:35:27",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-10-06",
"ID": "CVE-2020-1907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.196.16"
},
{
"version_affected": "\u003c",
"version_value": "2.20.196.16"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.196.12"
},
{
"version_affected": "\u003c",
"version_value": "2.20.196.12"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.90"
},
{
"version_affected": "\u003c",
"version_value": "2.20.90"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.90"
},
{
"version_affected": "\u003c",
"version_value": "2.20.90"
}
]
}
},
{
"product_name": "WhatsApp for Portal",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "173.0.0.29.505"
},
{
"version_affected": "\u003c",
"version_value": "173.0.0.29.505"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2020/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2020-1907",
"datePublished": "2020-10-06T17:35:27",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1904
Vulnerability from cvelistv5
Published
2020-10-06 17:35
Modified
2024-08-04 06:54
Severity ?
EPSS score ?
Summary
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.whatsapp.com/security/advisories/2020/ | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| WhatsApp for iOS | ||
| WhatsApp Business for iOS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:54:00.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.61"
},
{
"lessThan": "2.20.61",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.61"
},
{
"lessThan": "2.20.61",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2020-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-02T11:59:30",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-10-06",
"ID": "CVE-2020-1904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.61"
},
{
"version_affected": "\u003c",
"version_value": "2.20.61"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.61"
},
{
"version_affected": "\u003c",
"version_value": "2.20.61"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2020/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2020-1904",
"datePublished": "2020-10-06T17:35:26",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:54:00.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1909
Vulnerability from cvelistv5
Published
2020-11-03 19:15
Modified
2024-08-04 06:53
Severity ?
EPSS score ?
Summary
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.whatsapp.com/security/advisories/2020/ | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| WhatsApp Business for iOS | ||
| WhatsApp for iOS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.111"
},
{
"lessThan": "2.20.111",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.20.81",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.111"
},
{
"lessThan": "2.20.111",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.20.81",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2020-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-03T19:15:17",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-11-03",
"ID": "CVE-2020-1909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.111"
},
{
"version_affected": "\u003c",
"version_value": "2.20.111"
},
{
"version_affected": "\u003e=",
"version_value": "2.20.81"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.111"
},
{
"version_affected": "\u003c",
"version_value": "2.20.111"
},
{
"version_affected": "\u003e=",
"version_value": "2.20.81"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2020/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2020-1909",
"datePublished": "2020-11-03T19:15:17",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-20655
Vulnerability from cvelistv5
Published
2019-06-14 17:02
Modified
2024-08-05 12:05
Severity ?
EPSS score ?
Summary
When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.facebook.com/security/advisories/cve-2018-20655/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108805 | vdb-entry, x_refsource_BID |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| WhatsApp for iOS | ||
| WhatsApp Business for iOS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2018-20655/"
},
{
"name": "108805",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108805"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.90.24"
},
{
"lessThan": "2.18.90.24",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.90.24"
},
{
"lessThan": "2.18.90.24",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T17:06:04",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.facebook.com/security/advisories/cve-2018-20655/"
},
{
"name": "108805",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108805"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-12-30",
"ID": "CVE-2018-20655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.90.24"
},
{
"version_affected": "\u003c",
"version_value": "2.18.90.24"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.90.24"
},
{
"version_affected": "\u003c",
"version_value": "2.18.90.24"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2018-20655/",
"refsource": "MISC",
"url": "https://www.facebook.com/security/advisories/cve-2018-20655/"
},
{
"name": "108805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108805"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2018-20655",
"datePublished": "2019-06-14T17:02:57",
"dateReserved": "2019-01-02T00:00:00",
"dateUpdated": "2024-08-05T12:05:17.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-1903
Vulnerability from cvelistv5
Published
2020-10-06 17:35
Modified
2024-08-04 06:53
Severity ?
EPSS score ?
Summary
An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver's WhatsApp contacts.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.whatsapp.com/security/advisories/2020/ | x_refsource_CONFIRM |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| WhatsApp for iOS | ||
| WhatsApp Business for iOS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.61"
},
{
"lessThan": "2.20.61",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.61"
},
{
"lessThan": "2.20.61",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2020-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver\u0027s WhatsApp contacts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T17:35:25",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-10-06",
"ID": "CVE-2020-1903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.61"
},
{
"version_affected": "\u003c",
"version_value": "2.20.61"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.61"
},
{
"version_affected": "\u003c",
"version_value": "2.20.61"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver\u0027s WhatsApp contacts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2020/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2020-1903",
"datePublished": "2020-10-06T17:35:25",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-38537
Vulnerability from cvelistv5
Published
2023-10-04 19:09
Modified
2024-09-19 15:27
Severity ?
EPSS score ?
Summary
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.whatsapp.com/security/advisories/2023/ | x_refsource_CONFIRM |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:46:56.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2023/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38537",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T15:27:15.314042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T15:27:23.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "WhatsApp Desktop for Mac",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.2338.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "WhatsApp Desktop for Windows",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.2320.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.23.10.77",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.23.10.77",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.23.10.77",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.23.10.77",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2023-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-416, CWE-366",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-04T19:09:58.086Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2023/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2023-38537",
"datePublished": "2023-10-04T19:09:58.086Z",
"dateReserved": "2023-07-19T20:34:49.827Z",
"dateUpdated": "2024-09-19T15:27:23.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}