CVE-2018-6339 (GCVE-0-2018-6339)
Vulnerability from cvelistv5 – Published: 2019-06-14 17:02 – Updated: 2024-08-05 06:01
VLAI?
Summary
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.
Severity ?
No CVSS data available.
CWE
- CWE-121 - Stack-based Buffer Overflow (CWE-121)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| WhatsApp for Android |
Affected:
2.18.295
Affected: 2.18.180 , < unspecified (custom) Unaffected: unspecified , < 2.18.180 (custom) |
||||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2018-6339/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.295"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.18.180",
"versionType": "custom"
},
{
"lessThan": "2.18.180",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.150"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.18.103",
"versionType": "custom"
},
{
"lessThan": "2.18.103",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-12-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-14T17:02:57",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.facebook.com/security/advisories/cve-2018-6339/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-12-30",
"ID": "CVE-2018-6339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.295"
},
{
"version_affected": "\u003e=",
"version_value": "2.18.180"
},
{
"version_affected": "!\u003c",
"version_value": "2.18.180"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.150"
},
{
"version_affected": "\u003e=",
"version_value": "2.18.103"
},
{
"version_affected": "!\u003c",
"version_value": "2.18.103"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2018-6339/",
"refsource": "MISC",
"url": "https://www.facebook.com/security/advisories/cve-2018-6339/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2018-6339",
"datePublished": "2019-06-14T17:02:57",
"dateReserved": "2018-01-26T00:00:00",
"dateUpdated": "2024-08-05T06:01:48.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:business:android:*:*\", \"versionStartIncluding\": \"2.18.103\", \"versionEndExcluding\": \"2.18.150\", \"matchCriteriaId\": \"7111B367-98BD-4244-A3F5-661A1DCE43C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*\", \"versionStartIncluding\": \"2.18.180\", \"versionEndExcluding\": \"2.18.295\", \"matchCriteriaId\": \"6AF2CF4A-DE98-48CC-A13A-E168EA4678E6\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.\"}, {\"lang\": \"es\", \"value\": \"Cuando se reciben llamadas con WhatsApp en Android, en la asignaci\\u00f3n de pila no se considera adecuadamente la cantidad de datos que est\\u00e1n pasando. Un error de uno en uno significaba que los datos se escrib\\u00edan fuera del espacio asignado en la pila. Este problema afecta a WhatsApp para Android a partir de la versi\\u00f3n 2.18.180 y se corrigi\\u00f3 en la versi\\u00f3n 2.18.295. Tambi\\u00e9n afecta a WhatsApp Business para Android a partir de la versi\\u00f3n v2.18.103 y se corrigi\\u00f3 en la versi\\u00f3n v2.18.150.\"}]",
"id": "CVE-2018-6339",
"lastModified": "2024-11-21T04:10:30.830",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2019-06-14T17:29:02.003",
"references": "[{\"url\": \"https://www.facebook.com/security/advisories/cve-2018-6339/\", \"source\": \"cve-assign@fb.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.facebook.com/security/advisories/cve-2018-6339/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve-assign@fb.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cve-assign@fb.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-121\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-6339\",\"sourceIdentifier\":\"cve-assign@fb.com\",\"published\":\"2019-06-14T17:29:02.003\",\"lastModified\":\"2025-09-03T17:36:53.303\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.\"},{\"lang\":\"es\",\"value\":\"Cuando se reciben llamadas con WhatsApp en Android, en la asignaci\u00f3n de pila no se considera adecuadamente la cantidad de datos que est\u00e1n pasando. Un error de uno en uno significaba que los datos se escrib\u00edan fuera del espacio asignado en la pila. Este problema afecta a WhatsApp para Android a partir de la versi\u00f3n 2.18.180 y se corrigi\u00f3 en la versi\u00f3n 2.18.295. Tambi\u00e9n afecta a WhatsApp Business para Android a partir de la versi\u00f3n v2.18.103 y se corrigi\u00f3 en la versi\u00f3n v2.18.150.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve-assign@fb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*\",\"versionStartIncluding\":\"2.18.180\",\"versionEndExcluding\":\"2.18.295\",\"matchCriteriaId\":\"6AF2CF4A-DE98-48CC-A13A-E168EA4678E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*\",\"versionStartIncluding\":\"2.18.103\",\"versionEndExcluding\":\"2.18.150\",\"matchCriteriaId\":\"9FF4FF16-10F8-46BB-8A68-6044A193E5E3\"}]}]}],\"references\":[{\"url\":\"https://www.facebook.com/security/advisories/cve-2018-6339/\",\"source\":\"cve-assign@fb.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.facebook.com/security/advisories/cve-2018-6339/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…