Search

Find a vulnerability

Search criteria

    40 vulnerabilities found for WhatsApp Business for Android by Facebook

    CVE-2023-38538 (GCVE-0-2023-38538)

    Vulnerability from nvd – Published: 2023-10-04 19:10 – Updated: 2024-09-19 15:27
    VLAI
    Summary
    A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.586Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2023/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38538",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T15:27:40.316899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T15:27:48.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Desktop for Mac",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.2338.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Desktop for Windows",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.2320.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "dateAssigned": "2023-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-416, CWE-366",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-04T19:10:49.627Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2023/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2023-38538",
        "datePublished": "2023-10-04T19:10:49.627Z",
        "dateReserved": "2023-07-19T20:34:49.827Z",
        "dateUpdated": "2024-09-19T15:27:48.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38537 (GCVE-0-2023-38537)

    Vulnerability from nvd – Published: 2023-10-04 19:09 – Updated: 2024-09-19 15:27
    VLAI
    Summary
    A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2023/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38537",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T15:27:15.314042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T15:27:23.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Desktop for Mac",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.2338.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Desktop for Windows",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.2320.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "dateAssigned": "2023-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-416, CWE-366",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-04T19:09:58.086Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2023/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2023-38537",
        "datePublished": "2023-10-04T19:09:58.086Z",
        "dateReserved": "2023-07-19T20:34:49.827Z",
        "dateUpdated": "2024-09-19T15:27:23.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24042 (GCVE-0-2021-24042)

    Vulnerability from nvd – Published: 2022-01-04 18:55 – Updated: 2025-05-22 18:36
    VLAI
    Summary
    The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Desktop Affected: unspecified , < v2.2146 (custom)
    Unaffected: v2.2146 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp for KaiOS Affected: unspecified , < v2.2143 (custom)
    Unaffected: v2.2143 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: unspecified , < v2.21.230 (custom)
    Unaffected: v2.21.230 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: unspecified , < v2.21.230 (custom)
    Unaffected: v2.21.230 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.23 (custom)
    Unaffected: v2.21.23 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.23 (custom)
    Unaffected: v2.21.23 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-24042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:29:44.436259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T18:36:53.143Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Desktop",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.2146",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.2146",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for KaiOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.2143",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.2143",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.230",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.230",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.230",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.230",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.23",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.23",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.23",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.23",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-04T18:55:08.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-11-09",
              "ID": "CVE-2021-24042",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Desktop",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.2146"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.2146"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for KaiOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.2143"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.2143"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.230"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.230"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.230"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.230"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.23"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.23"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24042",
        "datePublished": "2022-01-04T18:55:08.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2025-05-22T18:36:53.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24041 (GCVE-0-2021-24041)

    Vulnerability from nvd – Published: 2021-12-07 19:10 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.22.7 (custom)
    Unaffected: v2.21.22.7 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.22.7 (custom)
    Unaffected: v2.21.22.7 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.22.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.22.7",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.22.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.22.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-07T19:10:09.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-11-09",
              "ID": "CVE-2021-24041",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.22.7"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.22.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.22.7"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.22.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24041",
        "datePublished": "2021-12-07T19:10:09.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24035 (GCVE-0-2021-24035)

    Vulnerability from nvd – Published: 2021-06-11 03:35 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
    Severity
    No CVSS data available.
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.8.13 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.8.13 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.8.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.8.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T03:35:10.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-21",
              "ID": "CVE-2021-24035",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.8.13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.8.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-23: Relative Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24035",
        "datePublished": "2021-06-11T03:35:10.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24027 (GCVE-0-2021-24027)

    Vulnerability from nvd – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.21.4.18"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.4.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-524",
                  "description": "CWE-524",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-06T16:45:15.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-06",
              "ID": "CVE-2021-24027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "v2.21.4.18"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.4.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-524"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24027",
        "datePublished": "2021-04-06T16:45:15.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24026 (GCVE-0-2021-24026)

    Vulnerability from nvd – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for iOS Affected: unspecified , < v2.21.32 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: unspecified , < v2.21.32 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.3 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.32",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.32",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-06T16:45:15.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-06",
              "ID": "CVE-2021-24026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.32"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.32"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24026",
        "datePublished": "2021-04-06T16:45:15.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1907 (GCVE-0-2020-1907)

    Vulnerability from nvd – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.196.16
    Affected: unspecified , < 2.20.196.16 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.196.12
    Affected: unspecified , < 2.20.196.12 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Portal Affected: 173.0.0.29.505
    Affected: unspecified , < 173.0.0.29.505 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.972Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.16"
                },
                {
                  "lessThan": "2.20.196.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.12"
                },
                {
                  "lessThan": "2.20.196.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Portal",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "173.0.0.29.505"
                },
                {
                  "lessThan": "173.0.0.29.505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:27.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1907",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.16"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.16"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.12"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "173.0.0.29.505"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "173.0.0.29.505"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1907",
        "datePublished": "2020-10-06T17:35:27.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1906 (GCVE-0-2020-1906)

    Vulnerability from nvd – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.130
    Affected: unspecified , < 2.20.130 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.46
    Affected: unspecified , < 2.20.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.903Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.130"
                },
                {
                  "lessThan": "2.20.130",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.46"
                },
                {
                  "lessThan": "2.20.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:26.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.130"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.130"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.46"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122: Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1906",
        "datePublished": "2020-10-06T17:35:26.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1902 (GCVE-0-2020-1902)

    Vulnerability from nvd – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.
    Severity
    No CVSS data available.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.140
    Affected: unspecified , < 2.20.140 (custom)
    Unaffected: unspecified , < 2.20.108 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.49
    Affected: unspecified , < 2.20.49 (custom)
    Unaffected: unspecified , < 2.20.35 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.140"
                },
                {
                  "lessThan": "2.20.140",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.20.108",
                  "status": "unaffected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.49"
                },
                {
                  "lessThan": "2.20.49",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.20.35",
                  "status": "unaffected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:25.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1902",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.140"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.140"
                              },
                              {
                                "version_affected": "!\u003c",
                                "version_value": "2.20.108"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.49"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.49"
                              },
                              {
                                "version_affected": "!\u003c",
                                "version_value": "2.20.35"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1902",
        "datePublished": "2020-10-06T17:35:25.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1894 (GCVE-0-2020-1894)

    Vulnerability from nvd – Published: 2020-09-03 21:10 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.
    Severity
    No CVSS data available.
    CWE
    • CWE-787 - Out-of-bounds Write (CWE-787)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Android Affected: 2.20.35
    Affected: unspecified , < 2.20.35 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.20
    Affected: unspecified , < 2.20.20 (custom)
    Create a notification for this product.
    Facebook WhatsApp iPhone Affected: 2.20.30
    Affected: unspecified , < 2.20.30 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iPhone Affected: 2.20.30
    Affected: unspecified , < 2.20.30 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.872Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.35"
                },
                {
                  "lessThan": "2.20.35",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.20"
                },
                {
                  "lessThan": "2.20.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp iPhone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.30"
                },
                {
                  "lessThan": "2.20.30",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iPhone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.30"
                },
                {
                  "lessThan": "2.20.30",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write (CWE-787)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T21:10:19.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-09-03",
              "ID": "CVE-2020-1894",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.35"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.35"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.20"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp iPhone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.30"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iPhone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.30"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Write (CWE-787)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1894",
        "datePublished": "2020-09-03T21:10:19.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.872Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1891 (GCVE-0-2020-1891)

    Vulnerability from nvd – Published: 2020-09-03 21:10 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices.
    Severity
    No CVSS data available.
    CWE
    • CWE-787 - Out-of-bounds Write (CWE-787)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Android Affected: 2.20.17
    Affected: unspecified , < 2.20.17 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.7
    Affected: unspecified , < 2.20.7 (custom)
    Create a notification for this product.
    Facebook WhatsApp iPhone Affected: 2.20.20
    Affected: unspecified , < 2.20.20 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iPhone Affected: 2.20.20
    Affected: unspecified , < 2.20.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.925Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.17"
                },
                {
                  "lessThan": "2.20.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.7"
                },
                {
                  "lessThan": "2.20.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp iPhone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.20"
                },
                {
                  "lessThan": "2.20.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iPhone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.20"
                },
                {
                  "lessThan": "2.20.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write (CWE-787)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T21:10:19.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-09-03",
              "ID": "CVE-2020-1891",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.17"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.17"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.7"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp iPhone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.20"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iPhone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.20"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Write (CWE-787)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1891",
        "datePublished": "2020-09-03T21:10:19.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1890 (GCVE-0-2020-1890)

    Vulnerability from nvd – Published: 2020-09-03 21:10 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.11
    Affected: unspecified , < 2.20.11 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.2
    Affected: unspecified , < 2.20.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.11"
                },
                {
                  "lessThan": "2.20.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.2"
                },
                {
                  "lessThan": "2.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T21:10:18.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-09-03",
              "ID": "CVE-2020-1890",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.11"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20: Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1890",
        "datePublished": "2020-09-03T21:10:18.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1886 (GCVE-0-2020-1886)

    Vulnerability from nvd – Published: 2020-09-03 21:10 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call.
    Severity
    No CVSS data available.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.11
    Affected: unspecified , < 2.20.11 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.2
    Affected: unspecified , < 2.20.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.11"
                },
                {
                  "lessThan": "2.20.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.2"
                },
                {
                  "lessThan": "2.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T21:10:17.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-09-03",
              "ID": "CVE-2020-1886",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.11"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1886",
        "datePublished": "2020-09-03T21:10:18.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11931 (GCVE-0-2019-11931)

    Vulnerability from nvd – Published: 2019-11-14 22:55 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - Stack-based Buffer Overflow (CWE-121)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.19.274
    Affected: unspecified , < 2.19.274 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.19.100
    Affected: unspecified , < 2.19.100 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Windows Phone Affected: unspecified , ≤ 2.18.368 (custom)
    Create a notification for this product.
    Facebook WhatsApp Enterprise Client Affected: 2.25.3
    Affected: unspecified , < 2.25.3 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.19.104
    Affected: unspecified , < 2.19.104 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.19.100
    Affected: unspecified , < 2.19.100 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:29.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.274"
                },
                {
                  "lessThan": "2.19.274",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.100"
                },
                {
                  "lessThan": "2.19.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Windows Phone",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThanOrEqual": "2.18.368",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Enterprise Client",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.25.3"
                },
                {
                  "lessThan": "2.25.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.104"
                },
                {
                  "lessThan": "2.19.104",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.100"
                },
                {
                  "lessThan": "2.19.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow (CWE-121)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T22:55:52.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-11-14",
              "ID": "CVE-2019-11931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.274"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.274"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.100"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Windows Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.18.368"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Enterprise Client",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.25.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.25.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.104"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.104"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.100"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stack-based Buffer Overflow (CWE-121)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-11931",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-11931",
        "datePublished": "2019-11-14T22:55:52.000Z",
        "dateReserved": "2019-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:29.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38538 (GCVE-0-2023-38538)

    Vulnerability from cvelistv5 – Published: 2023-10-04 19:10 – Updated: 2024-09-19 15:27
    VLAI
    Summary
    A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.586Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2023/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38538",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T15:27:40.316899Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T15:27:48.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Desktop for Mac",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.2338.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Desktop for Windows",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.2320.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "dateAssigned": "2023-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-416, CWE-366",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-04T19:10:49.627Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2023/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2023-38538",
        "datePublished": "2023-10-04T19:10:49.627Z",
        "dateReserved": "2023-07-19T20:34:49.827Z",
        "dateUpdated": "2024-09-19T15:27:48.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-38537 (GCVE-0-2023-38537)

    Vulnerability from cvelistv5 – Published: 2023-10-04 19:09 – Updated: 2024-09-19 15:27
    VLAI
    Summary
    A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:46:56.022Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2023/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-38537",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-19T15:27:15.314042Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-19T15:27:23.286Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Desktop for Mac",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.2338.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Desktop for Windows",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.2320.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.23.10.77",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "dateAssigned": "2023-07-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-416, CWE-366",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-04T19:09:58.086Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2023/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2023-38537",
        "datePublished": "2023-10-04T19:09:58.086Z",
        "dateReserved": "2023-07-19T20:34:49.827Z",
        "dateUpdated": "2024-09-19T15:27:23.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24042 (GCVE-0-2021-24042)

    Vulnerability from cvelistv5 – Published: 2022-01-04 18:55 – Updated: 2025-05-22 18:36
    VLAI
    Summary
    The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Desktop Affected: unspecified , < v2.2146 (custom)
    Unaffected: v2.2146 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp for KaiOS Affected: unspecified , < v2.2143 (custom)
    Unaffected: v2.2143 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: unspecified , < v2.21.230 (custom)
    Unaffected: v2.21.230 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: unspecified , < v2.21.230 (custom)
    Unaffected: v2.21.230 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.23 (custom)
    Unaffected: v2.21.23 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.23 (custom)
    Unaffected: v2.21.23 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.296Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-24042",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-22T17:29:44.436259Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-787",
                    "description": "CWE-787 Out-of-bounds Write",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-22T18:36:53.143Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Desktop",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.2146",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.2146",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for KaiOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.2143",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.2143",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.230",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.230",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.230",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.230",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.23",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.23",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.23",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.23",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-04T18:55:08.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-11-09",
              "ID": "CVE-2021-24042",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Desktop",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.2146"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.2146"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for KaiOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.2143"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.2143"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.230"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.230"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.230"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.230"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.23"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.23"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24042",
        "datePublished": "2022-01-04T18:55:08.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2025-05-22T18:36:53.143Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24041 (GCVE-0-2021-24041)

    Vulnerability from cvelistv5 – Published: 2021-12-07 19:10 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.22.7 (custom)
    Unaffected: v2.21.22.7 , < unspecified (custom)
    Create a notification for this product.
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.22.7 (custom)
    Unaffected: v2.21.22.7 , < unspecified (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.22.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.22.7",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.22.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.22.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-07T19:10:09.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-11-09",
              "ID": "CVE-2021-24041",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.22.7"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.22.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.22.7"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.22.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24041",
        "datePublished": "2021-12-07T19:10:09.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24035 (GCVE-0-2021-24035)

    Vulnerability from cvelistv5 – Published: 2021-06-11 03:35 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
    Severity
    No CVSS data available.
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.8.13 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.8.13 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.8.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.8.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T03:35:10.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-21",
              "ID": "CVE-2021-24035",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.8.13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.8.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-23: Relative Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24035",
        "datePublished": "2021-06-11T03:35:10.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24026 (GCVE-0-2021-24026)

    Vulnerability from cvelistv5 – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for iOS Affected: unspecified , < v2.21.32 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: unspecified , < v2.21.32 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.3 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.3 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.32",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.32",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-06T16:45:15.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-06",
              "ID": "CVE-2021-24026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.32"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.32"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24026",
        "datePublished": "2021-04-06T16:45:15.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24027 (GCVE-0-2021-24027)

    Vulnerability from cvelistv5 – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.21.4.18"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.4.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-524",
                  "description": "CWE-524",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-06T16:45:15.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-06",
              "ID": "CVE-2021-24027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "v2.21.4.18"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.4.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-524"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24027",
        "datePublished": "2021-04-06T16:45:15.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1907 (GCVE-0-2020-1907)

    Vulnerability from cvelistv5 – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.196.16
    Affected: unspecified , < 2.20.196.16 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.196.12
    Affected: unspecified , < 2.20.196.12 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Portal Affected: 173.0.0.29.505
    Affected: unspecified , < 173.0.0.29.505 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.972Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.16"
                },
                {
                  "lessThan": "2.20.196.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.12"
                },
                {
                  "lessThan": "2.20.196.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Portal",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "173.0.0.29.505"
                },
                {
                  "lessThan": "173.0.0.29.505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:27.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1907",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.16"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.16"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.12"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "173.0.0.29.505"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "173.0.0.29.505"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1907",
        "datePublished": "2020-10-06T17:35:27.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1906 (GCVE-0-2020-1906)

    Vulnerability from cvelistv5 – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.130
    Affected: unspecified , < 2.20.130 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.46
    Affected: unspecified , < 2.20.46 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.903Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.130"
                },
                {
                  "lessThan": "2.20.130",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.46"
                },
                {
                  "lessThan": "2.20.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:26.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.130"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.130"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.46"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122: Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1906",
        "datePublished": "2020-10-06T17:35:26.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1902 (GCVE-0-2020-1902)

    Vulnerability from cvelistv5 – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.
    Severity
    No CVSS data available.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.140
    Affected: unspecified , < 2.20.140 (custom)
    Unaffected: unspecified , < 2.20.108 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.49
    Affected: unspecified , < 2.20.49 (custom)
    Unaffected: unspecified , < 2.20.35 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.140"
                },
                {
                  "lessThan": "2.20.140",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.20.108",
                  "status": "unaffected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.49"
                },
                {
                  "lessThan": "2.20.49",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.20.35",
                  "status": "unaffected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:25.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1902",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.140"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.140"
                              },
                              {
                                "version_affected": "!\u003c",
                                "version_value": "2.20.108"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.49"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.49"
                              },
                              {
                                "version_affected": "!\u003c",
                                "version_value": "2.20.35"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1902",
        "datePublished": "2020-10-06T17:35:25.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1894 (GCVE-0-2020-1894)

    Vulnerability from cvelistv5 – Published: 2020-09-03 21:10 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.
    Severity
    No CVSS data available.
    CWE
    • CWE-787 - Out-of-bounds Write (CWE-787)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Android Affected: 2.20.35
    Affected: unspecified , < 2.20.35 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.20
    Affected: unspecified , < 2.20.20 (custom)
    Create a notification for this product.
    Facebook WhatsApp iPhone Affected: 2.20.30
    Affected: unspecified , < 2.20.30 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iPhone Affected: 2.20.30
    Affected: unspecified , < 2.20.30 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.872Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.35"
                },
                {
                  "lessThan": "2.20.35",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.20"
                },
                {
                  "lessThan": "2.20.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp iPhone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.30"
                },
                {
                  "lessThan": "2.20.30",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iPhone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.30"
                },
                {
                  "lessThan": "2.20.30",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write (CWE-787)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T21:10:19.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-09-03",
              "ID": "CVE-2020-1894",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.35"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.35"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.20"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp iPhone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.30"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.30"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iPhone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.30"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Write (CWE-787)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1894",
        "datePublished": "2020-09-03T21:10:19.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.872Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1891 (GCVE-0-2020-1891)

    Vulnerability from cvelistv5 – Published: 2020-09-03 21:10 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices.
    Severity
    No CVSS data available.
    CWE
    • CWE-787 - Out-of-bounds Write (CWE-787)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Android Affected: 2.20.17
    Affected: unspecified , < 2.20.17 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.7
    Affected: unspecified , < 2.20.7 (custom)
    Create a notification for this product.
    Facebook WhatsApp iPhone Affected: 2.20.20
    Affected: unspecified , < 2.20.20 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iPhone Affected: 2.20.20
    Affected: unspecified , < 2.20.20 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.925Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.17"
                },
                {
                  "lessThan": "2.20.17",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.7"
                },
                {
                  "lessThan": "2.20.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp iPhone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.20"
                },
                {
                  "lessThan": "2.20.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iPhone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.20"
                },
                {
                  "lessThan": "2.20.20",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write (CWE-787)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T21:10:19.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-09-03",
              "ID": "CVE-2020-1891",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.17"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.17"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.7"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp iPhone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.20"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iPhone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.20"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.20"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Write (CWE-787)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1891",
        "datePublished": "2020-09-03T21:10:19.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1890 (GCVE-0-2020-1890)

    Vulnerability from cvelistv5 – Published: 2020-09-03 21:10 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.11
    Affected: unspecified , < 2.20.11 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.2
    Affected: unspecified , < 2.20.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.902Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.11"
                },
                {
                  "lessThan": "2.20.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.2"
                },
                {
                  "lessThan": "2.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T21:10:18.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-09-03",
              "ID": "CVE-2020-1890",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.11"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20: Improper Input Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1890",
        "datePublished": "2020-09-03T21:10:18.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.902Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1886 (GCVE-0-2020-1886)

    Vulnerability from cvelistv5 – Published: 2020-09-03 21:10 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call.
    Severity
    No CVSS data available.
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.11
    Affected: unspecified , < 2.20.11 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.2
    Affected: unspecified , < 2.20.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.886Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.11"
                },
                {
                  "lessThan": "2.20.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.2"
                },
                {
                  "lessThan": "2.20.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-03T21:10:17.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-09-03",
              "ID": "CVE-2020-1886",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.11"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.11"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1886",
        "datePublished": "2020-09-03T21:10:18.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11931 (GCVE-0-2019-11931)

    Vulnerability from cvelistv5 – Published: 2019-11-14 22:55 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - Stack-based Buffer Overflow (CWE-121)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.19.274
    Affected: unspecified , < 2.19.274 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.19.100
    Affected: unspecified , < 2.19.100 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Windows Phone Affected: unspecified , ≤ 2.18.368 (custom)
    Create a notification for this product.
    Facebook WhatsApp Enterprise Client Affected: 2.25.3
    Affected: unspecified , < 2.25.3 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.19.104
    Affected: unspecified , < 2.19.104 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.19.100
    Affected: unspecified , < 2.19.100 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:29.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.274"
                },
                {
                  "lessThan": "2.19.274",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.100"
                },
                {
                  "lessThan": "2.19.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Windows Phone",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThanOrEqual": "2.18.368",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Enterprise Client",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.25.3"
                },
                {
                  "lessThan": "2.25.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.104"
                },
                {
                  "lessThan": "2.19.104",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.100"
                },
                {
                  "lessThan": "2.19.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow (CWE-121)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T22:55:52.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-11-14",
              "ID": "CVE-2019-11931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.274"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.274"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.100"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Windows Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.18.368"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Enterprise Client",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.25.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.25.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.104"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.104"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.100"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stack-based Buffer Overflow (CWE-121)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-11931",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-11931",
        "datePublished": "2019-11-14T22:55:52.000Z",
        "dateReserved": "2019-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:29.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }