Search criteria
81 vulnerabilities found for whatsapp_business by whatsapp
FKIE_CVE-2025-55179
Vulnerability from fkie_nvd - Published: 2025-11-18 15:16 - Updated: 2025-11-25 17:35
Severity ?
Summary
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.
References
| URL | Tags | ||
|---|---|---|---|
| cve-assign@fb.com | https://www.facebook.com/security/advisories/cve-2025-55179 | Vendor Advisory | |
| cve-assign@fb.com | https://www.whatsapp.com/security/advisories/2025/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "05D8407F-8992-483D-A0DA-647C1291378D",
"versionEndExcluding": "2.25.23.83",
"versionStartIncluding": "2.25.8.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "332FD04C-066B-4A88-8F85-AAE1BCBE3B48",
"versionEndExcluding": "2.25.23.73",
"versionStartIncluding": "2.25.8.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "5542D196-8D14-483A-ABAB-0A85EAF6FD82",
"versionEndExcluding": "2.25.23.82",
"versionStartIncluding": "2.25.8.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user\u2019s device. We have not seen evidence of exploitation in the wild."
}
],
"id": "CVE-2025-55179",
"lastModified": "2025-11-25T17:35:13.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "cve-assign@fb.com",
"type": "Secondary"
}
]
},
"published": "2025-11-18T15:16:32.177",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55179"
},
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2025/"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-55177
Vulnerability from fkie_nvd - Published: 2025-08-29 16:15 - Updated: 2025-10-24 14:14
Severity ?
Summary
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
References
{
"cisaActionDue": "2025-09-23",
"cisaExploitAdd": "2025-09-02",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Meta Platforms WhatsApp Incorrect Authorization Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "AD89DE9C-CE23-499F-8436-3DA8B2A2ECF4",
"versionEndExcluding": "2.25.21.73",
"versionStartIncluding": "2.22.25.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "CA1A1B3A-90A5-4EA1-AC4B-715127CE9DE7",
"versionEndExcluding": "2.25.21.78",
"versionStartIncluding": "2.22.25.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "5DE9273B-2DA9-4BCE-8840-CB0B63163646",
"versionEndExcluding": "2.25.21.78",
"versionStartIncluding": "2.22.25.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users."
}
],
"id": "CVE-2025-55177",
"lastModified": "2025-10-24T14:14:08.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "cve-assign@fb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-29T16:15:36.723",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55177"
},
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2025/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-36934
Vulnerability from fkie_nvd - Published: 2022-09-22 22:15 - Updated: 2025-09-24 19:43
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An integer overflow in WhatsApp could result in remote code execution in an established video call.
References
| URL | Tags | ||
|---|---|---|---|
| cve-assign@fb.com | https://www.whatsapp.com/security/advisories/2022/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.whatsapp.com/security/advisories/2022/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| * | |||
| * | |||
| whatsapp_business | * | ||
| whatsapp_business | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:-:android:*:*",
"matchCriteriaId": "039958FD-E011-4F9C-AD30-5BF85819C8CC",
"versionEndExcluding": "2.22.16.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:-:iphone_os:*:*",
"matchCriteriaId": "BE8C49E2-B47D-4B1D-B76E-EE817BDA698A",
"versionEndExcluding": "2.22.16.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*",
"matchCriteriaId": "D1F1181B-E061-4EA6-9A4E-DB3B03CDB430",
"versionEndExcluding": "2.22.16.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "3A3B7D3A-D9CD-434E-B8CE-65B4004F25C1",
"versionEndExcluding": "2.22.16.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in WhatsApp could result in remote code execution in an established video call."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en WhatsApp podr\u00eda dar resultar en una ejecuci\u00f3n de c\u00f3digo remota en una videollamada establecida"
}
],
"id": "CVE-2022-36934",
"lastModified": "2025-09-24T19:43:25.823",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-09-22T22:15:09.627",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2022/"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "cve-assign@fb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-24043
Vulnerability from fkie_nvd - Published: 2022-02-02 12:15 - Updated: 2024-11-21 05:52
Severity ?
Summary
A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.
References
| URL | Tags | ||
|---|---|---|---|
| cve-assign@fb.com | https://www.whatsapp.com/security/advisories/2021/ | Not Applicable, Vendor Advisory | |
| nvd@nist.gov | https://www.whatsapp.com/security/advisories/2022/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.whatsapp.com/security/advisories/2021/ | Not Applicable, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 2.21.23.2 | |||
| 2.21.230.6 | |||
| 2.2145.0 | |||
| whatsapp_business | 2.21.23.2 | ||
| whatsapp_business | 2.21.230.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:2.21.23.2:*:*:*:*:android:*:*",
"matchCriteriaId": "E2C25B9E-58CC-4252-BD71-5BE434424C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:2.21.230.6:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "A008CAA3-8937-4AB2-8A94-D31CFD982BC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:2.2145.0:*:*:*:desktop:*:*:*",
"matchCriteriaId": "FCD713BE-B324-4668-B4EC-6967987DD89C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:2.21.23.2:*:*:*:*:android:*:*",
"matchCriteriaId": "54C89209-4539-4E2C-A4C3-C88489CD3D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:2.21.230.7:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C5B4676D-A585-4F23-805B-A5CC995A498B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call."
},
{
"lang": "es",
"value": "Una comprobaci\u00f3n de l\u00edmites ausente en el c\u00f3digo de an\u00e1lisis de banderas RTCP anterior a WhatsApp para Android versi\u00f3n v2.21.23.2, WhatsApp Business para Android versi\u00f3n v2.21.23.2, WhatsApp para iOS versi\u00f3n v2.21.230.6, WhatsApp Business para iOS versi\u00f3n 2.21.230.7 y WhatsApp Desktop versi\u00f3n v2.2145.0, podr\u00eda haber permitido una lectura de pila fuera de l\u00edmites si un usuario enviaba un paquete RTCP malformado durante una llamada establecida"
}
],
"id": "CVE-2021-24043",
"lastModified": "2024-11-21T05:52:16.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-02T12:15:07.890",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
},
{
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2022/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-24041
Vulnerability from fkie_nvd - Published: 2021-12-07 19:15 - Updated: 2024-11-21 05:52
Severity ?
Summary
A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.
References
| URL | Tags | ||
|---|---|---|---|
| cve-assign@fb.com | https://www.whatsapp.com/security/advisories/2021/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.whatsapp.com/security/advisories/2021/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| * | |||
| whatsapp_business | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*",
"matchCriteriaId": "B86CA66D-98E9-431A-A397-45332A71C06E",
"versionEndExcluding": "2.21.22.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*",
"matchCriteriaId": "18DAE9BF-DACB-4EFE-90AC-53AB127877FD",
"versionEndExcluding": "2.21.22.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
},
{
"lang": "es",
"value": "Una comprobaci\u00f3n de l\u00edmites faltante en el c\u00f3digo de desenfoque de im\u00e1genes anterior a WhatsApp para Android v2.21.22.7 y WhatsApp Business para Android v2.21.22.7 podr\u00eda haber permitido una escritura fuera de l\u00edmites si un usuario enviaba una imagen maliciosa"
}
],
"id": "CVE-2021-24041",
"lastModified": "2024-11-21T05:52:15.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-07T19:15:07.430",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "cve-assign@fb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-24035
Vulnerability from fkie_nvd - Published: 2021-06-11 04:15 - Updated: 2025-09-03 17:36
Severity ?
Summary
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
References
| URL | Tags | ||
|---|---|---|---|
| cve-assign@fb.com | https://www.whatsapp.com/security/advisories/2021/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.whatsapp.com/security/advisories/2021/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| * | |||
| whatsapp_business | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:-:android:*:*",
"matchCriteriaId": "10695AFD-3693-4566-A016-BE769BA53E5D",
"versionEndExcluding": "2.21.8.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*",
"matchCriteriaId": "C667F31C-A63A-4459-9D2E-3007116C89D1",
"versionEndExcluding": "2.21.8.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
},
{
"lang": "es",
"value": "Una falta de comprobaci\u00f3n de los nombres de archivo al descomprimir archivos anterior a versi\u00f3n de WhatsApp para Android versi\u00f3n v2.21.8.13 y WhatsApp Business para Android versi\u00f3n v2.21.8.13, podr\u00eda haber permitido ataques de salto de rutas que sobrescribieran los archivos de WhatsApp"
}
],
"id": "CVE-2021-24035",
"lastModified": "2025-09-03T17:36:53.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-11T04:15:08.887",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "cve-assign@fb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-24027
Vulnerability from fkie_nvd - Published: 2021-04-06 17:15 - Updated: 2024-11-21 05:52
Severity ?
Summary
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.
References
| URL | Tags | ||
|---|---|---|---|
| cve-assign@fb.com | https://www.whatsapp.com/security/advisories/2021/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.whatsapp.com/security/advisories/2021/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| * | |||
| whatsapp_business | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*",
"matchCriteriaId": "5F9D91CC-43EE-4F76-ACE5-8DA2DAAA9012",
"versionEndExcluding": "2.21.4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*",
"matchCriteriaId": "9F814EFA-6C24-47CA-9180-7047B92717D2",
"versionEndExcluding": "2.21.4.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
},
{
"lang": "es",
"value": "Un problema de configuraci\u00f3n de cach\u00e9 anterior a WhatsApp para Android versi\u00f3n v2.21.4.18 y WhatsApp Business para Android versi\u00f3n v2.21.4.18, puede haber permitido a un tercero con acceso al almacenamiento externo del dispositivo leer material TLS almacenado en cach\u00e9"
}
],
"id": "CVE-2021-24027",
"lastModified": "2024-11-21T05:52:14.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T17:15:12.977",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-524"
}
],
"source": "cve-assign@fb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-24026
Vulnerability from fkie_nvd - Published: 2021-04-06 17:15 - Updated: 2024-11-21 05:52
Severity ?
Summary
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
References
| URL | Tags | ||
|---|---|---|---|
| cve-assign@fb.com | https://www.whatsapp.com/security/advisories/2021/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.whatsapp.com/security/advisories/2021/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| * | |||
| * | |||
| whatsapp_business | * | ||
| whatsapp_business | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*",
"matchCriteriaId": "A2F90DE0-CAA1-417A-9D8A-279C966CF126",
"versionEndExcluding": "2.21.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "63C685C5-9E36-456E-8627-F7789BF9A817",
"versionEndExcluding": "2.21.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*",
"matchCriteriaId": "8C00EB21-B107-4D99-9D1E-09B0FA443F3F",
"versionEndExcluding": "2.21.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "735449C3-06DF-4F11-B821-5DDB5F2BC2F1",
"versionEndExcluding": "2.21.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
},
{
"lang": "es",
"value": "Una falta de comprobaci\u00f3n de l\u00edmites dentro de la tuber\u00eda de decodificaci\u00f3n de audio para llamadas de WhatsApp en WhatsApp para Android versiones anteriores a v2.21.3, WhatsApp Business para Android versiones anteriores a v2.21.3, WhatsApp para iOS versiones anteriores a v2.21.32 y WhatsApp Business para iOS versiones anteriores a v2. 21.32, podr\u00eda haber permitido una escritura fuera de l\u00edmites"
}
],
"id": "CVE-2021-24026",
"lastModified": "2024-11-21T05:52:14.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T17:15:12.870",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "cve-assign@fb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-1910
Vulnerability from fkie_nvd - Published: 2021-02-02 20:15 - Updated: 2024-11-21 05:11
Severity ?
Summary
A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.
References
| URL | Tags | ||
|---|---|---|---|
| cve-assign@fb.com | https://www.whatsapp.com/security/advisories/2021/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.whatsapp.com/security/advisories/2021/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| * | |||
| whatsapp_business | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*",
"matchCriteriaId": "E9EAEDF7-0AB4-4F7F-9D0D-71CB800870A5",
"versionEndExcluding": "2.21.1.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*",
"matchCriteriaId": "9A046C9D-E9B5-498C-8D0A-576B5730E6F8",
"versionEndExcluding": "2.21.1.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image."
},
{
"lang": "es",
"value": "Una falta de comprobaci\u00f3n de l\u00edmites en WhatsApp para Android anterior a la v2.21.1.13 y WhatsApp Business para Android anterior a la versi\u00f3n v2.21.1.13, podr\u00eda haber permitido la lectura y escritura fuera de l\u00edmites si un usuario aplicaba filtros de imagen espec\u00edficos a una imagen especialmente dise\u00f1ada y enviar la imagen resultante"
}
],
"id": "CVE-2020-1910",
"lastModified": "2024-11-21T05:11:35.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-02T20:15:11.970",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "cve-assign@fb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-1908
Vulnerability from fkie_nvd - Published: 2020-11-03 20:15 - Updated: 2024-11-21 05:11
Severity ?
Summary
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.
References
| URL | Tags | ||
|---|---|---|---|
| cve-assign@fb.com | https://www.whatsapp.com/security/advisories/2020/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.whatsapp.com/security/advisories/2020/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| * | |||
| whatsapp_business | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "530735AF-E014-4218-9EAD-39FC0EDC9B46",
"versionEndExcluding": "2.20.100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F7A546C8-BFFF-438D-8201-F68F1AD15389",
"versionEndExcluding": "2.20.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked."
},
{
"lang": "es",
"value": "La autorizaci\u00f3n inapropiada de la funcionalidad Screen Lock en WhatsApp y WhatsApp Business para iOS anterior a versi\u00f3n v2.20.100, podr\u00eda haber permitido el uso de Siri para interactuar con la aplicaci\u00f3n WhatsApp inclusive despu\u00e9s de que el tel\u00e9fono estuviera bloqueado"
}
],
"id": "CVE-2020-1908",
"lastModified": "2024-11-21T05:11:35.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-03T20:15:12.330",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "cve-assign@fb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-1909
Vulnerability from fkie_nvd - Published: 2020-11-03 20:15 - Updated: 2024-11-21 05:11
Severity ?
Summary
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.
References
| URL | Tags | ||
|---|---|---|---|
| cve-assign@fb.com | https://www.whatsapp.com/security/advisories/2020/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.whatsapp.com/security/advisories/2020/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| * | |||
| whatsapp_business | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "94A5904E-1921-4B50-93DD-1D82CBC1DF9B",
"versionEndExcluding": "2.20.111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "1B569A24-2305-4924-9AB7-2EB6F1B27685",
"versionEndExcluding": "2.20.111",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold."
},
{
"lang": "es",
"value": "Un uso de la memoria previamente liberada en una biblioteca de registro en WhatsApp para iOS anterior a versi\u00f3n v2.20.111 y WhatsApp Business para iOS anterior a versi\u00f3n v2.20.111, podr\u00eda haber resultado en una corrupci\u00f3n de la memoria, fallos y potencialmente una ejecuci\u00f3n de c\u00f3digo.\u0026#xa0;Esto podr\u00eda haber sucedido solo si varios eventos ocurrieron juntos en secuencia, incluyendo la recepci\u00f3n de una pegatina animada mientras se coloca una videollamada de WhatsApp en espera"
}
],
"id": "CVE-2020-1909",
"lastModified": "2024-11-21T05:11:35.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-03T20:15:12.470",
"references": [
{
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "cve-assign@fb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-55179 (GCVE-0-2025-55179)
Vulnerability from cvelistv5 – Published: 2025-11-18 13:56 – Updated: 2025-11-18 14:25
VLAI?
Summary
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.
Severity ?
CWE
- Incorrect Authorization (CWE-863)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for iOS |
Affected:
2.25.8.14 , < 2.25.23.82
(semver)
|
|||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T14:22:05.852548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T14:25:08.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.82",
"status": "affected",
"version": "2.25.8.14",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.73",
"status": "affected",
"version": "2.25.8.17",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp Desktop for Mac",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.83",
"status": "affected",
"version": "2.25.8.14",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user\u2019s device. We have not seen evidence of exploitation in the wild."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization (CWE-863)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T13:56:31.598Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "Meta"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55179"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2025/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "Meta",
"cveId": "CVE-2025-55179",
"datePublished": "2025-11-18T13:56:31.598Z",
"dateReserved": "2025-08-08T18:21:47.119Z",
"dateUpdated": "2025-11-18T14:25:08.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55177 (GCVE-0-2025-55177)
Vulnerability from cvelistv5 – Published: 2025-08-29 15:50 – Updated: 2025-10-21 22:45
VLAI?
Summary
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
Severity ?
CWE
- Incorrect Authorization (CWE-863)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Desktop for Mac |
Affected:
2.22.25.2 , < 2.25.21.78
(semver)
|
|||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55177",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-30T03:55:35.684164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-02",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:20.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-02T00:00:00+00:00",
"value": "CVE-2025-55177 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WhatsApp Desktop for Mac",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.78",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.78",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.73",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization (CWE-863)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-30T16:54:33.495Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2025/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-55177",
"datePublished": "2025-08-29T15:50:28.578Z",
"dateReserved": "2025-08-08T18:21:47.118Z",
"dateUpdated": "2025-10-21T22:45:20.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36934 (GCVE-0-2022-36934)
Vulnerability from cvelistv5 – Published: 2022-09-22 21:30 – Updated: 2025-05-27 16:05
VLAI?
Summary
An integer overflow in WhatsApp could result in remote code execution in an established video call.
Severity ?
9.8 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Meta | WhatsApp for iOS |
Affected:
unspecified , < 2.22.16.12
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2022/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T16:05:45.458311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T16:05:50.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for iOS",
"vendor": "Meta",
"versions": [
{
"lessThan": "2.22.16.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Meta",
"versions": [
{
"lessThan": "2.22.16.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Meta",
"versions": [
{
"lessThan": "2.22.16.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Meta",
"versions": [
{
"lessThan": "2.22.16.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2022-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in WhatsApp could result in remote code execution in an established video call."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-22T21:30:11.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2022/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2022-07-27",
"ID": "CVE-2022-36934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.16.12"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.16.12"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.16.12"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.16.12"
}
]
}
}
]
},
"vendor_name": "Meta"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in WhatsApp could result in remote code execution in an established video call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2022/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2022/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2022-36934",
"datePublished": "2022-09-22T21:30:11.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2025-05-27T16:05:50.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24043 (GCVE-0-2021-24043)
Vulnerability from cvelistv5 – Published: 2022-02-02 11:59 – Updated: 2024-08-03 19:21
VLAI?
Summary
A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-02T11:59:31",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-11-09",
"ID": "CVE-2021-24043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24043",
"datePublished": "2022-02-02T11:59:31",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24041 (GCVE-0-2021-24041)
Vulnerability from cvelistv5 – Published: 2021-12-07 19:10 – Updated: 2024-08-03 19:21
VLAI?
Summary
A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.
Severity ?
No CVSS data available.
CWE
- CWE-122 - Heap-based Buffer Overflow (CWE-122)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for Android |
Affected:
unspecified , < v2.21.22.7
(custom)
Unaffected: v2.21.22.7 , < unspecified (custom) |
||||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.22.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.22.7",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.22.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.22.7",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T19:10:09",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-11-09",
"ID": "CVE-2021-24041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.22.7"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.22.7"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.22.7"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.22.7"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24041",
"datePublished": "2021-12-07T19:10:09",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24035 (GCVE-0-2021-24035)
Vulnerability from cvelistv5 – Published: 2021-06-11 03:35 – Updated: 2024-08-03 19:21
VLAI?
Summary
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
Severity ?
No CVSS data available.
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for Android |
Affected:
unspecified , < v2.21.8.13
(custom)
|
||||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.8.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.8.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T03:35:10",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-04-21",
"ID": "CVE-2021-24035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.8.13"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.8.13"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24035",
"datePublished": "2021-06-11T03:35:10",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24026 (GCVE-0-2021-24026)
Vulnerability from cvelistv5 – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
VLAI?
Summary
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for iOS |
Affected:
unspecified , < v2.21.32
(custom)
|
||||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.32",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.32",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T16:45:15",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-04-06",
"ID": "CVE-2021-24026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.32"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.32"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.3"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.3"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24026",
"datePublished": "2021-04-06T16:45:15",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24027 (GCVE-0-2021-24027)
Vulnerability from cvelistv5 – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
VLAI?
Summary
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for Android |
Affected:
v2.21.4.18
|
||||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "v2.21.4.18"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.4.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T16:45:15",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-04-06",
"ID": "CVE-2021-24027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v2.21.4.18"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.4.18"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-524"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24027",
"datePublished": "2021-04-06T16:45:15",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1910 (GCVE-0-2020-1910)
Vulnerability from cvelistv5 – Published: 2021-02-02 19:55 – Updated: 2024-08-04 06:53
VLAI?
Summary
A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for Android |
Affected:
unspecified , < v2.21.1.13
(custom)
Unaffected: v2.21.1.13 , < unspecified (custom) |
||||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for Android",
"vendor": "WhatsApp",
"versions": [
{
"lessThan": "v2.21.1.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.1.13",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "WhatsApp",
"versions": [
{
"lessThan": "v2.21.1.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.1.13",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-02T19:55:13",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-02-02",
"ID": "CVE-2020-1910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.1.13"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.1.13"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.1.13"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.1.13"
}
]
}
}
]
},
"vendor_name": "WhatsApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2020-1910",
"datePublished": "2021-02-02T19:55:13",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1909 (GCVE-0-2020-1909)
Vulnerability from cvelistv5 – Published: 2020-11-03 19:15 – Updated: 2024-08-04 06:53
VLAI?
Summary
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for iOS |
Affected:
2.20.111
Affected: unspecified , < 2.20.111 (custom) Affected: 2.20.81 , < unspecified (custom) |
||||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.111"
},
{
"lessThan": "2.20.111",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.20.81",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.20.111"
},
{
"lessThan": "2.20.111",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.20.81",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2020-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-03T19:15:17",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2020-11-03",
"ID": "CVE-2020-1909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.111"
},
{
"version_affected": "\u003c",
"version_value": "2.20.111"
},
{
"version_affected": "\u003e=",
"version_value": "2.20.81"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.20.111"
},
{
"version_affected": "\u003c",
"version_value": "2.20.111"
},
{
"version_affected": "\u003e=",
"version_value": "2.20.81"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2020/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2020/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2020-1909",
"datePublished": "2020-11-03T19:15:17",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55179 (GCVE-0-2025-55179)
Vulnerability from nvd – Published: 2025-11-18 13:56 – Updated: 2025-11-18 14:25
VLAI?
Summary
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.
Severity ?
CWE
- Incorrect Authorization (CWE-863)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for iOS |
Affected:
2.25.8.14 , < 2.25.23.82
(semver)
|
|||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T14:22:05.852548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T14:25:08.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.82",
"status": "affected",
"version": "2.25.8.14",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.73",
"status": "affected",
"version": "2.25.8.17",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp Desktop for Mac",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.83",
"status": "affected",
"version": "2.25.8.14",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user\u2019s device. We have not seen evidence of exploitation in the wild."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization (CWE-863)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T13:56:31.598Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "Meta"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55179"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2025/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "Meta",
"cveId": "CVE-2025-55179",
"datePublished": "2025-11-18T13:56:31.598Z",
"dateReserved": "2025-08-08T18:21:47.119Z",
"dateUpdated": "2025-11-18T14:25:08.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55177 (GCVE-0-2025-55177)
Vulnerability from nvd – Published: 2025-08-29 15:50 – Updated: 2025-10-21 22:45
VLAI?
Summary
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
Severity ?
CWE
- Incorrect Authorization (CWE-863)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Desktop for Mac |
Affected:
2.22.25.2 , < 2.25.21.78
(semver)
|
|||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55177",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-30T03:55:35.684164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-02",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:20.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-02T00:00:00+00:00",
"value": "CVE-2025-55177 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WhatsApp Desktop for Mac",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.78",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.78",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.73",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization (CWE-863)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-30T16:54:33.495Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2025/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-55177",
"datePublished": "2025-08-29T15:50:28.578Z",
"dateReserved": "2025-08-08T18:21:47.118Z",
"dateUpdated": "2025-10-21T22:45:20.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36934 (GCVE-0-2022-36934)
Vulnerability from nvd – Published: 2022-09-22 21:30 – Updated: 2025-05-27 16:05
VLAI?
Summary
An integer overflow in WhatsApp could result in remote code execution in an established video call.
Severity ?
9.8 (Critical)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Meta | WhatsApp for iOS |
Affected:
unspecified , < 2.22.16.12
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:32.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2022/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-36934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T16:05:45.458311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T16:05:50.201Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for iOS",
"vendor": "Meta",
"versions": [
{
"lessThan": "2.22.16.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Meta",
"versions": [
{
"lessThan": "2.22.16.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Meta",
"versions": [
{
"lessThan": "2.22.16.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Meta",
"versions": [
{
"lessThan": "2.22.16.12",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2022-07-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in WhatsApp could result in remote code execution in an established video call."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-22T21:30:11.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2022/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2022-07-27",
"ID": "CVE-2022-36934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.16.12"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.16.12"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.16.12"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.22.16.12"
}
]
}
}
]
},
"vendor_name": "Meta"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow in WhatsApp could result in remote code execution in an established video call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2022/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2022/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2022-36934",
"datePublished": "2022-09-22T21:30:11.000Z",
"dateReserved": "2022-07-27T00:00:00.000Z",
"dateUpdated": "2025-05-27T16:05:50.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24043 (GCVE-0-2021-24043)
Vulnerability from nvd – Published: 2022-02-02 11:59 – Updated: 2024-08-03 19:21
VLAI?
Summary
A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-02T11:59:31",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-11-09",
"ID": "CVE-2021-24043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24043",
"datePublished": "2022-02-02T11:59:31",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24041 (GCVE-0-2021-24041)
Vulnerability from nvd – Published: 2021-12-07 19:10 – Updated: 2024-08-03 19:21
VLAI?
Summary
A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.
Severity ?
No CVSS data available.
CWE
- CWE-122 - Heap-based Buffer Overflow (CWE-122)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for Android |
Affected:
unspecified , < v2.21.22.7
(custom)
Unaffected: v2.21.22.7 , < unspecified (custom) |
||||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.22.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.22.7",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.22.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.22.7",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-07T19:10:09",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-11-09",
"ID": "CVE-2021-24041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.22.7"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.22.7"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.22.7"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.22.7"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24041",
"datePublished": "2021-12-07T19:10:09",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24035 (GCVE-0-2021-24035)
Vulnerability from nvd – Published: 2021-06-11 03:35 – Updated: 2024-08-03 19:21
VLAI?
Summary
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
Severity ?
No CVSS data available.
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for Android |
Affected:
unspecified , < v2.21.8.13
(custom)
|
||||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.8.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.8.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-11T03:35:10",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-04-21",
"ID": "CVE-2021-24035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.8.13"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.8.13"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24035",
"datePublished": "2021-06-11T03:35:10",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24026 (GCVE-0-2021-24026)
Vulnerability from nvd – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
VLAI?
Summary
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for iOS |
Affected:
unspecified , < v2.21.32
(custom)
|
||||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.32",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.32",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T16:45:15",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-04-06",
"ID": "CVE-2021-24026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.32"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.32"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.3"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.3"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24026",
"datePublished": "2021-04-06T16:45:15",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24027 (GCVE-0-2021-24027)
Vulnerability from nvd – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
VLAI?
Summary
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for Android |
Affected:
v2.21.4.18
|
||||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "v2.21.4.18"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"lessThan": "v2.21.4.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T16:45:15",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-04-06",
"ID": "CVE-2021-24027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v2.21.4.18"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.4.18"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-524"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24027",
"datePublished": "2021-04-06T16:45:15",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1910 (GCVE-0-2020-1910)
Vulnerability from nvd – Published: 2021-02-02 19:55 – Updated: 2024-08-04 06:53
VLAI?
Summary
A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for Android |
Affected:
unspecified , < v2.21.1.13
(custom)
Unaffected: v2.21.1.13 , < unspecified (custom) |
||||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:53:59.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp Business for Android",
"vendor": "WhatsApp",
"versions": [
{
"lessThan": "v2.21.1.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.1.13",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Android",
"vendor": "WhatsApp",
"versions": [
{
"lessThan": "v2.21.1.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "v2.21.1.13",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-02T19:55:13",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-02-02",
"ID": "CVE-2020-1910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.1.13"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.1.13"
}
]
}
},
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v2.21.1.13"
},
{
"version_affected": "!\u003e=",
"version_value": "v2.21.1.13"
}
]
}
}
]
},
"vendor_name": "WhatsApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.whatsapp.com/security/advisories/2021/",
"refsource": "CONFIRM",
"url": "https://www.whatsapp.com/security/advisories/2021/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2020-1910",
"datePublished": "2021-02-02T19:55:13",
"dateReserved": "2019-12-02T00:00:00",
"dateUpdated": "2024-08-04T06:53:59.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}