Search
Find a vulnerability
Search criteria
8 vulnerabilities found for WhatsApp for Windows Phone by Facebook
CVE-2019-11931 (GCVE-0-2019-11931)
Vulnerability from nvd – Published: 2019-11-14 22:55 – Updated: 2024-08-04 23:10
VLAI
Summary
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
Severity
No CVSS data available.
CWE
- CWE-121 - Stack-based Buffer Overflow (CWE-121)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.facebook.com/security/advisories/cve-… | x_refsource_CONFIRM |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| WhatsApp for Android |
Affected:
2.19.274
Affected: unspecified , < 2.19.274 (custom) |
||
| WhatsApp for iOS |
Affected:
2.19.100
Affected: unspecified , < 2.19.100 (custom) |
||
| WhatsApp for Windows Phone |
Affected:
unspecified , ≤ 2.18.368
(custom)
|
||
| WhatsApp Enterprise Client |
Affected:
2.25.3
Affected: unspecified , < 2.25.3 (custom) |
||
| WhatsApp Business for Android |
Affected:
2.19.104
Affected: unspecified , < 2.19.104 (custom) |
||
| WhatsApp Business for iOS |
Affected:
2.19.100
Affected: unspecified , < 2.19.100 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:29.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-11931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.274"
},
{
"lessThan": "2.19.274",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.100"
},
{
"lessThan": "2.19.100",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Windows Phone",
"vendor": "Facebook",
"versions": [
{
"lessThanOrEqual": "2.18.368",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Enterprise Client",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.25.3"
},
{
"lessThan": "2.25.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.104"
},
{
"lessThan": "2.19.104",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.100"
},
{
"lessThan": "2.19.100",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T22:55:52.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-11931"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-11-14",
"ID": "CVE-2019-11931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.274"
},
{
"version_affected": "\u003c",
"version_value": "2.19.274"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.100"
},
{
"version_affected": "\u003c",
"version_value": "2.19.100"
}
]
}
},
{
"product_name": "WhatsApp for Windows Phone",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.18.368"
}
]
}
},
{
"product_name": "WhatsApp Enterprise Client",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.25.3"
},
{
"version_affected": "\u003c",
"version_value": "2.25.3"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.104"
},
{
"version_affected": "\u003c",
"version_value": "2.19.104"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.100"
},
{
"version_affected": "\u003c",
"version_value": "2.19.100"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2019-11931",
"refsource": "CONFIRM",
"url": "https://www.facebook.com/security/advisories/cve-2019-11931"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2019-11931",
"datePublished": "2019-11-14T22:55:52.000Z",
"dateReserved": "2019-05-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:29.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6350 (GCVE-0-2018-6350)
Vulnerability from nvd – Published: 2019-06-14 17:02 – Updated: 2024-08-05 06:01
VLAI
Summary
An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.
Severity
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read (CWE-125)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.facebook.com/security/advisories/cve-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/108803 | vdb-entryx_refsource_BID |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| WhatsApp for Android |
Affected:
2.18.276
Affected: unspecified , < 2.18.276 (custom) |
||
| WhatsApp Business for Android |
Affected:
2.18.99
Affected: unspecified , < 2.18.99 (custom) |
||
| WhatsApp for iOS |
Affected:
2.18.100.6
Affected: unspecified , < 2.18.100.6 (custom) |
||
| WhatsApp Business for iOS |
Affected:
2.18.100.2
Affected: unspecified , < 2.18.100.2 (custom) |
||
| WhatsApp for Windows Phone |
Affected:
2.18.224
Affected: unspecified , < 2.18.224 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
},
{
"name": "108803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.276"
},
{
"lessThan": "2.18.276",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.99"
},
{
"lessThan": "2.18.99",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.100.6"
},
{
"lessThan": "2.18.100.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.100.2"
},
{
"lessThan": "2.18.100.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Windows Phone",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.224"
},
{
"lessThan": "2.18.224",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-12-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T16:06:03.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
},
{
"name": "108803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108803"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-12-30",
"ID": "CVE-2018-6350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.276"
},
{
"version_affected": "\u003c",
"version_value": "2.18.276"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.99"
},
{
"version_affected": "\u003c",
"version_value": "2.18.99"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.100.6"
},
{
"version_affected": "\u003c",
"version_value": "2.18.100.6"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.100.2"
},
{
"version_affected": "\u003c",
"version_value": "2.18.100.2"
}
]
}
},
{
"product_name": "WhatsApp for Windows Phone",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.224"
},
{
"version_affected": "\u003c",
"version_value": "2.18.224"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2018-6350/",
"refsource": "MISC",
"url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
},
{
"name": "108803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108803"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2018-6350",
"datePublished": "2019-06-14T17:02:57.000Z",
"dateReserved": "2018-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:01:48.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3568 (GCVE-0-2019-3568)
Vulnerability from nvd – Published: 2019-05-14 19:52 – Updated: 2025-10-21 23:45Summary
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow (CWE-122)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.facebook.com/security/advisories/cve-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/108329 | vdb-entryx_refsource_BID |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| WhatsApp for Android |
Affected:
2.19.134
Affected: unspecified , < 2.19.134 (custom) |
||
| WhatsApp Business for Android |
Affected:
2.19.44
Affected: unspecified , < 2.19.134 (custom) |
||
| WhatsApp for iOS |
Affected:
2.19.51
Affected: unspecified , < 2.19.51 (custom) |
||
| WhatsApp Business for iOS |
Affected:
2.19.51
Affected: unspecified , < 2.19.51 (custom) |
||
| WhatsApp for Windows Phone |
Affected:
2.18.348
Affected: unspecified , < 2.18.348 (custom) |
||
| WhatsApp for Tizen |
Affected:
2.18.15
Affected: unspecified , < 2.18.15 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-3568"
},
{
"name": "108329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108329"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-3568",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T12:56:07.366286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-19",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:37.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-19T00:00:00.000Z",
"value": "CVE-2019-3568 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.134"
},
{
"lessThan": "2.19.134",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.44"
},
{
"lessThan": "2.19.134",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.51"
},
{
"lessThan": "2.19.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.51"
},
{
"lessThan": "2.19.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Windows Phone",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.348"
},
{
"lessThan": "2.18.348",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Tizen",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.15"
},
{
"lessThan": "2.18.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T20:57:11.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-3568"
},
{
"name": "108329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-05-09",
"ID": "CVE-2019-3568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.134"
},
{
"version_affected": "\u003c",
"version_value": "2.19.134"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.44"
},
{
"version_affected": "\u003c",
"version_value": "2.19.134"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.51"
},
{
"version_affected": "\u003c",
"version_value": "2.19.51"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.51"
},
{
"version_affected": "\u003c",
"version_value": "2.19.51"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Windows Phone",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.348"
},
{
"version_affected": "\u003c",
"version_value": "2.18.348"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Tizen",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.15"
},
{
"version_affected": "\u003c",
"version_value": "2.18.15"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2019-3568",
"refsource": "MISC",
"url": "https://www.facebook.com/security/advisories/cve-2019-3568"
},
{
"name": "108329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2019-3568",
"datePublished": "2019-05-14T19:52:40.000Z",
"dateReserved": "2019-01-02T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:37.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6344 (GCVE-0-2018-6344)
Vulnerability from nvd – Published: 2018-12-31 22:00 – Updated: 2025-05-06 16:02
VLAI
Summary
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow (CWE-122)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://googleprojectzero.blogspot.com/2018/12/ad… | x_refsource_MISC |
| http://www.securityfocus.com/bid/106365 | vdb-entryx_refsource_BID |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| WhatsApp for Android |
Affected:
2.18.293
Affected: unspecified , < 2.18.293 (custom) |
||
| WhatsApp for iOS |
Affected:
2.18.93
Affected: unspecified , < 2.18.93 (custom) |
||
| WhatsApp for Windows Phone |
Affected:
2.18.172
Affected: unspecified , < 2.18.172 (custom) |
Date Public
2018-12-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
},
{
"name": "106365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106365"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-6344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T16:01:47.642323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T16:02:35.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.293"
},
{
"lessThan": "2.18.293",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.93"
},
{
"lessThan": "2.18.93",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Windows Phone",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.172"
},
{
"lessThan": "2.18.172",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-11-21T00:00:00.000Z",
"datePublic": "2018-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-01T10:57:01.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
},
{
"name": "106365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-11-21",
"ID": "CVE-2018-6344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.293"
},
{
"version_affected": "\u003c",
"version_value": "2.18.293"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.93"
},
{
"version_affected": "\u003c",
"version_value": "2.18.93"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Windows Phone",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.172"
},
{
"version_affected": "\u003c",
"version_value": "2.18.172"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html",
"refsource": "MISC",
"url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
},
{
"name": "106365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2018-6344",
"datePublished": "2018-12-31T22:00:00.000Z",
"dateReserved": "2018-01-26T00:00:00.000Z",
"dateUpdated": "2025-05-06T16:02:35.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11931 (GCVE-0-2019-11931)
Vulnerability from cvelistv5 – Published: 2019-11-14 22:55 – Updated: 2024-08-04 23:10
VLAI
Summary
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
Severity
No CVSS data available.
CWE
- CWE-121 - Stack-based Buffer Overflow (CWE-121)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.facebook.com/security/advisories/cve-… | x_refsource_CONFIRM |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| WhatsApp for Android |
Affected:
2.19.274
Affected: unspecified , < 2.19.274 (custom) |
||
| WhatsApp for iOS |
Affected:
2.19.100
Affected: unspecified , < 2.19.100 (custom) |
||
| WhatsApp for Windows Phone |
Affected:
unspecified , ≤ 2.18.368
(custom)
|
||
| WhatsApp Enterprise Client |
Affected:
2.25.3
Affected: unspecified , < 2.25.3 (custom) |
||
| WhatsApp Business for Android |
Affected:
2.19.104
Affected: unspecified , < 2.19.104 (custom) |
||
| WhatsApp Business for iOS |
Affected:
2.19.100
Affected: unspecified , < 2.19.100 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:29.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-11931"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.274"
},
{
"lessThan": "2.19.274",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.100"
},
{
"lessThan": "2.19.100",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Windows Phone",
"vendor": "Facebook",
"versions": [
{
"lessThanOrEqual": "2.18.368",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Enterprise Client",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.25.3"
},
{
"lessThan": "2.25.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.104"
},
{
"lessThan": "2.19.104",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.100"
},
{
"lessThan": "2.19.100",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-11-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-14T22:55:52.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-11931"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-11-14",
"ID": "CVE-2019-11931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.274"
},
{
"version_affected": "\u003c",
"version_value": "2.19.274"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.100"
},
{
"version_affected": "\u003c",
"version_value": "2.19.100"
}
]
}
},
{
"product_name": "WhatsApp for Windows Phone",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.18.368"
}
]
}
},
{
"product_name": "WhatsApp Enterprise Client",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.25.3"
},
{
"version_affected": "\u003c",
"version_value": "2.25.3"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.104"
},
{
"version_affected": "\u003c",
"version_value": "2.19.104"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.100"
},
{
"version_affected": "\u003c",
"version_value": "2.19.100"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow (CWE-121)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2019-11931",
"refsource": "CONFIRM",
"url": "https://www.facebook.com/security/advisories/cve-2019-11931"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2019-11931",
"datePublished": "2019-11-14T22:55:52.000Z",
"dateReserved": "2019-05-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:29.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6350 (GCVE-0-2018-6350)
Vulnerability from cvelistv5 – Published: 2019-06-14 17:02 – Updated: 2024-08-05 06:01
VLAI
Summary
An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.
Severity
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read (CWE-125)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.facebook.com/security/advisories/cve-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/108803 | vdb-entryx_refsource_BID |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| WhatsApp for Android |
Affected:
2.18.276
Affected: unspecified , < 2.18.276 (custom) |
||
| WhatsApp Business for Android |
Affected:
2.18.99
Affected: unspecified , < 2.18.99 (custom) |
||
| WhatsApp for iOS |
Affected:
2.18.100.6
Affected: unspecified , < 2.18.100.6 (custom) |
||
| WhatsApp Business for iOS |
Affected:
2.18.100.2
Affected: unspecified , < 2.18.100.2 (custom) |
||
| WhatsApp for Windows Phone |
Affected:
2.18.224
Affected: unspecified , < 2.18.224 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
},
{
"name": "108803",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108803"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.276"
},
{
"lessThan": "2.18.276",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.99"
},
{
"lessThan": "2.18.99",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.100.6"
},
{
"lessThan": "2.18.100.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.100.2"
},
{
"lessThan": "2.18.100.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Windows Phone",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.224"
},
{
"lessThan": "2.18.224",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-12-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-18T16:06:03.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
},
{
"name": "108803",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108803"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-12-30",
"ID": "CVE-2018-6350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.276"
},
{
"version_affected": "\u003c",
"version_value": "2.18.276"
}
]
}
},
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.99"
},
{
"version_affected": "\u003c",
"version_value": "2.18.99"
}
]
}
},
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.100.6"
},
{
"version_affected": "\u003c",
"version_value": "2.18.100.6"
}
]
}
},
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.100.2"
},
{
"version_affected": "\u003c",
"version_value": "2.18.100.2"
}
]
}
},
{
"product_name": "WhatsApp for Windows Phone",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.224"
},
{
"version_affected": "\u003c",
"version_value": "2.18.224"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2018-6350/",
"refsource": "MISC",
"url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
},
{
"name": "108803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108803"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2018-6350",
"datePublished": "2019-06-14T17:02:57.000Z",
"dateReserved": "2018-01-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:01:48.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3568 (GCVE-0-2019-3568)
Vulnerability from cvelistv5 – Published: 2019-05-14 19:52 – Updated: 2025-10-21 23:45Summary
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow (CWE-122)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.facebook.com/security/advisories/cve-… | x_refsource_MISC |
| http://www.securityfocus.com/bid/108329 | vdb-entryx_refsource_BID |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| WhatsApp for Android |
Affected:
2.19.134
Affected: unspecified , < 2.19.134 (custom) |
||
| WhatsApp Business for Android |
Affected:
2.19.44
Affected: unspecified , < 2.19.134 (custom) |
||
| WhatsApp for iOS |
Affected:
2.19.51
Affected: unspecified , < 2.19.51 (custom) |
||
| WhatsApp Business for iOS |
Affected:
2.19.51
Affected: unspecified , < 2.19.51 (custom) |
||
| WhatsApp for Windows Phone |
Affected:
2.18.348
Affected: unspecified , < 2.18.348 (custom) |
||
| WhatsApp for Tizen |
Affected:
2.18.15
Affected: unspecified , < 2.18.15 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:12:09.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-3568"
},
{
"name": "108329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108329"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-3568",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T12:56:07.366286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-19",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:45:37.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-19T00:00:00.000Z",
"value": "CVE-2019-3568 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.134"
},
{
"lessThan": "2.19.134",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.44"
},
{
"lessThan": "2.19.134",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.51"
},
{
"lessThan": "2.19.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.19.51"
},
{
"lessThan": "2.19.51",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Windows Phone",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.348"
},
{
"lessThan": "2.18.348",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Tizen",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.15"
},
{
"lessThan": "2.18.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2019-05-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-13T20:57:11.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.facebook.com/security/advisories/cve-2019-3568"
},
{
"name": "108329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108329"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2019-05-09",
"ID": "CVE-2019-3568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.134"
},
{
"version_affected": "\u003c",
"version_value": "2.19.134"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.44"
},
{
"version_affected": "\u003c",
"version_value": "2.19.134"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.51"
},
{
"version_affected": "\u003c",
"version_value": "2.19.51"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp Business for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.19.51"
},
{
"version_affected": "\u003c",
"version_value": "2.19.51"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Windows Phone",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.348"
},
{
"version_affected": "\u003c",
"version_value": "2.18.348"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Tizen",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.15"
},
{
"version_affected": "\u003c",
"version_value": "2.18.15"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2019-3568",
"refsource": "MISC",
"url": "https://www.facebook.com/security/advisories/cve-2019-3568"
},
{
"name": "108329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108329"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2019-3568",
"datePublished": "2019-05-14T19:52:40.000Z",
"dateReserved": "2019-01-02T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:45:37.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6344 (GCVE-0-2018-6344)
Vulnerability from cvelistv5 – Published: 2018-12-31 22:00 – Updated: 2025-05-06 16:02
VLAI
Summary
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow (CWE-122)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://googleprojectzero.blogspot.com/2018/12/ad… | x_refsource_MISC |
| http://www.securityfocus.com/bid/106365 | vdb-entryx_refsource_BID |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| WhatsApp for Android |
Affected:
2.18.293
Affected: unspecified , < 2.18.293 (custom) |
||
| WhatsApp for iOS |
Affected:
2.18.93
Affected: unspecified , < 2.18.93 (custom) |
||
| WhatsApp for Windows Phone |
Affected:
2.18.172
Affected: unspecified , < 2.18.172 (custom) |
Date Public
2018-12-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:01:48.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
},
{
"name": "106365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106365"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-6344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-06T16:01:47.642323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T16:02:35.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WhatsApp for Android",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.293"
},
{
"lessThan": "2.18.293",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.93"
},
{
"lessThan": "2.18.93",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "WhatsApp for Windows Phone",
"vendor": "Facebook",
"versions": [
{
"status": "affected",
"version": "2.18.172"
},
{
"lessThan": "2.18.172",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2018-11-21T00:00:00.000Z",
"datePublic": "2018-12-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-01T10:57:01.000Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
},
{
"name": "106365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-11-21",
"ID": "CVE-2018-6344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Android",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.293"
},
{
"version_affected": "\u003c",
"version_value": "2.18.293"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for iOS",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.93"
},
{
"version_affected": "\u003c",
"version_value": "2.18.93"
}
]
}
}
]
},
"vendor_name": "Facebook"
},
{
"product": {
"product_data": [
{
"product_name": "WhatsApp for Windows Phone",
"version": {
"version_data": [
{
"version_affected": "!=\u003e",
"version_value": "2.18.172"
},
{
"version_affected": "\u003c",
"version_value": "2.18.172"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow (CWE-122)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html",
"refsource": "MISC",
"url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
},
{
"name": "106365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2018-6344",
"datePublished": "2018-12-31T22:00:00.000Z",
"dateReserved": "2018-01-26T00:00:00.000Z",
"dateUpdated": "2025-05-06T16:02:35.127Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}