Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for WhatsApp for Portal by Facebook

    CVE-2020-1907 (GCVE-0-2020-1907)

    Vulnerability from nvd – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.196.16
    Affected: unspecified , < 2.20.196.16 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.196.12
    Affected: unspecified , < 2.20.196.12 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Portal Affected: 173.0.0.29.505
    Affected: unspecified , < 173.0.0.29.505 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.972Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.16"
                },
                {
                  "lessThan": "2.20.196.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.12"
                },
                {
                  "lessThan": "2.20.196.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Portal",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "173.0.0.29.505"
                },
                {
                  "lessThan": "173.0.0.29.505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:27.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1907",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.16"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.16"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.12"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "173.0.0.29.505"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "173.0.0.29.505"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1907",
        "datePublished": "2020-10-06T17:35:27.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1907 (GCVE-0-2020-1907)

    Vulnerability from cvelistv5 – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.196.16
    Affected: unspecified , < 2.20.196.16 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.20.196.12
    Affected: unspecified , < 2.20.196.12 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Portal Affected: 173.0.0.29.505
    Affected: unspecified , < 173.0.0.29.505 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.972Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.16"
                },
                {
                  "lessThan": "2.20.196.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.12"
                },
                {
                  "lessThan": "2.20.196.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Portal",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "173.0.0.29.505"
                },
                {
                  "lessThan": "173.0.0.29.505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:27.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1907",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.16"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.16"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.12"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "173.0.0.29.505"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "173.0.0.29.505"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1907",
        "datePublished": "2020-10-06T17:35:27.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }