Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for WhatsApp for Windows Phone by Facebook

    CVE-2019-11931 (GCVE-0-2019-11931)

    Vulnerability from nvd – Published: 2019-11-14 22:55 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - Stack-based Buffer Overflow (CWE-121)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.19.274
    Affected: unspecified , < 2.19.274 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.19.100
    Affected: unspecified , < 2.19.100 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Windows Phone Affected: unspecified , ≤ 2.18.368 (custom)
    Create a notification for this product.
    Facebook WhatsApp Enterprise Client Affected: 2.25.3
    Affected: unspecified , < 2.25.3 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.19.104
    Affected: unspecified , < 2.19.104 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.19.100
    Affected: unspecified , < 2.19.100 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:29.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.274"
                },
                {
                  "lessThan": "2.19.274",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.100"
                },
                {
                  "lessThan": "2.19.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Windows Phone",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThanOrEqual": "2.18.368",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Enterprise Client",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.25.3"
                },
                {
                  "lessThan": "2.25.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.104"
                },
                {
                  "lessThan": "2.19.104",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.100"
                },
                {
                  "lessThan": "2.19.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow (CWE-121)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T22:55:52.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-11-14",
              "ID": "CVE-2019-11931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.274"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.274"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.100"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Windows Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.18.368"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Enterprise Client",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.25.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.25.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.104"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.104"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.100"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stack-based Buffer Overflow (CWE-121)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-11931",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-11931",
        "datePublished": "2019-11-14T22:55:52.000Z",
        "dateReserved": "2019-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:29.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6350 (GCVE-0-2018-6350)

    Vulnerability from nvd – Published: 2019-06-14 17:02 – Updated: 2024-08-05 06:01
    VLAI
    Summary
    An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - Out-of-bounds Read (CWE-125)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.18.276
    Affected: unspecified , < 2.18.276 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.18.99
    Affected: unspecified , < 2.18.99 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.18.100.6
    Affected: unspecified , < 2.18.100.6 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.18.100.2
    Affected: unspecified , < 2.18.100.2 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Windows Phone Affected: 2.18.224
    Affected: unspecified , < 2.18.224 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.744Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
              },
              {
                "name": "108803",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108803"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.276"
                },
                {
                  "lessThan": "2.18.276",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.99"
                },
                {
                  "lessThan": "2.18.99",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.100.6"
                },
                {
                  "lessThan": "2.18.100.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.100.2"
                },
                {
                  "lessThan": "2.18.100.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Windows Phone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.224"
                },
                {
                  "lessThan": "2.18.224",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-12-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read (CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-18T16:06:03.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
            },
            {
              "name": "108803",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108803"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2018-12-30",
              "ID": "CVE-2018-6350",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.276"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.276"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.99"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.99"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.100.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.100.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.100.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.100.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Windows Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.224"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.224"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Read (CWE-125)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2018-6350/",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
                },
                {
                  "name": "108803",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108803"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2018-6350",
        "datePublished": "2019-06-14T17:02:57.000Z",
        "dateReserved": "2018-01-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:01:48.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3568 (GCVE-0-2019-3568)

    Vulnerability from nvd – Published: 2019-05-14 19:52 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.19.134
    Affected: unspecified , < 2.19.134 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.19.44
    Affected: unspecified , < 2.19.134 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.19.51
    Affected: unspecified , < 2.19.51 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.19.51
    Affected: unspecified , < 2.19.51 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Windows Phone Affected: 2.18.348
    Affected: unspecified , < 2.18.348 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Tizen Affected: 2.18.15
    Affected: unspecified , < 2.18.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3568"
              },
              {
                "name": "108329",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108329"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-3568",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T12:56:07.366286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-04-19",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:37.464Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-04-19T00:00:00.000Z",
                "value": "CVE-2019-3568 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.134"
                },
                {
                  "lessThan": "2.19.134",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.44"
                },
                {
                  "lessThan": "2.19.134",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.51"
                },
                {
                  "lessThan": "2.19.51",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.51"
                },
                {
                  "lessThan": "2.19.51",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Windows Phone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.348"
                },
                {
                  "lessThan": "2.18.348",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Tizen",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.15"
                },
                {
                  "lessThan": "2.18.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-13T20:57:11.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3568"
            },
            {
              "name": "108329",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108329"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-05-09",
              "ID": "CVE-2019-3568",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.134"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.134"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.44"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.134"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.51"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.51"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.51"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.51"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Windows Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.348"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.348"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Tizen",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.15"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3568",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3568"
                },
                {
                  "name": "108329",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108329"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3568",
        "datePublished": "2019-05-14T19:52:40.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:37.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6344 (GCVE-0-2018-6344)

    Vulnerability from nvd – Published: 2018-12-31 22:00 – Updated: 2025-05-06 16:02
    VLAI
    Summary
    A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.18.293
    Affected: unspecified , < 2.18.293 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.18.93
    Affected: unspecified , < 2.18.93 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Windows Phone Affected: 2.18.172
    Affected: unspecified , < 2.18.172 (custom)
    Create a notification for this product.
    Date Public
    2018-12-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.708Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
              },
              {
                "name": "106365",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106365"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-6344",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T16:01:47.642323Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T16:02:35.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.293"
                },
                {
                  "lessThan": "2.18.293",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.93"
                },
                {
                  "lessThan": "2.18.93",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Windows Phone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.172"
                },
                {
                  "lessThan": "2.18.172",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-11-21T00:00:00.000Z",
          "datePublic": "2018-12-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-01T10:57:01.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
            },
            {
              "name": "106365",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106365"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2018-11-21",
              "ID": "CVE-2018-6344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.293"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.293"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.93"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.93"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Windows Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.172"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.172"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html",
                  "refsource": "MISC",
                  "url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
                },
                {
                  "name": "106365",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106365"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2018-6344",
        "datePublished": "2018-12-31T22:00:00.000Z",
        "dateReserved": "2018-01-26T00:00:00.000Z",
        "dateUpdated": "2025-05-06T16:02:35.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11931 (GCVE-0-2019-11931)

    Vulnerability from cvelistv5 – Published: 2019-11-14 22:55 – Updated: 2024-08-04 23:10
    VLAI
    Summary
    A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
    Severity
    No CVSS data available.
    CWE
    • CWE-121 - Stack-based Buffer Overflow (CWE-121)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.19.274
    Affected: unspecified , < 2.19.274 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.19.100
    Affected: unspecified , < 2.19.100 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Windows Phone Affected: unspecified , ≤ 2.18.368 (custom)
    Create a notification for this product.
    Facebook WhatsApp Enterprise Client Affected: 2.25.3
    Affected: unspecified , < 2.25.3 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.19.104
    Affected: unspecified , < 2.19.104 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.19.100
    Affected: unspecified , < 2.19.100 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:10:29.691Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.274"
                },
                {
                  "lessThan": "2.19.274",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.100"
                },
                {
                  "lessThan": "2.19.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Windows Phone",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThanOrEqual": "2.18.368",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Enterprise Client",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.25.3"
                },
                {
                  "lessThan": "2.25.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.104"
                },
                {
                  "lessThan": "2.19.104",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.100"
                },
                {
                  "lessThan": "2.19.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-11-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow (CWE-121)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-14T22:55:52.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-11-14",
              "ID": "CVE-2019-11931",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.274"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.274"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.100"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Windows Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.18.368"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Enterprise Client",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.25.3"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.25.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.104"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.104"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.100"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Stack-based Buffer Overflow (CWE-121)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-11931",
                  "refsource": "CONFIRM",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-11931"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-11931",
        "datePublished": "2019-11-14T22:55:52.000Z",
        "dateReserved": "2019-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:10:29.691Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6350 (GCVE-0-2018-6350)

    Vulnerability from cvelistv5 – Published: 2019-06-14 17:02 – Updated: 2024-08-05 06:01
    VLAI
    Summary
    An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.
    Severity
    No CVSS data available.
    CWE
    • CWE-125 - Out-of-bounds Read (CWE-125)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.18.276
    Affected: unspecified , < 2.18.276 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.18.99
    Affected: unspecified , < 2.18.99 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.18.100.6
    Affected: unspecified , < 2.18.100.6 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.18.100.2
    Affected: unspecified , < 2.18.100.2 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Windows Phone Affected: 2.18.224
    Affected: unspecified , < 2.18.224 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.744Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
              },
              {
                "name": "108803",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108803"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.276"
                },
                {
                  "lessThan": "2.18.276",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.99"
                },
                {
                  "lessThan": "2.18.99",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.100.6"
                },
                {
                  "lessThan": "2.18.100.6",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.100.2"
                },
                {
                  "lessThan": "2.18.100.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Windows Phone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.224"
                },
                {
                  "lessThan": "2.18.224",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-12-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "Out-of-bounds Read (CWE-125)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-06-18T16:06:03.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
            },
            {
              "name": "108803",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108803"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2018-12-30",
              "ID": "CVE-2018-6350",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.276"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.276"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.99"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.99"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.100.6"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.100.6"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.100.2"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.100.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Windows Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.224"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.224"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Out-of-bounds Read (CWE-125)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2018-6350/",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2018-6350/"
                },
                {
                  "name": "108803",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108803"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2018-6350",
        "datePublished": "2019-06-14T17:02:57.000Z",
        "dateReserved": "2018-01-26T00:00:00.000Z",
        "dateUpdated": "2024-08-05T06:01:48.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3568 (GCVE-0-2019-3568)

    Vulnerability from cvelistv5 – Published: 2019-05-14 19:52 – Updated: 2025-10-21 23:45
    VLAI CISA KEVIntel
    Summary
    A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.19.134
    Affected: unspecified , < 2.19.134 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for Android Affected: 2.19.44
    Affected: unspecified , < 2.19.134 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.19.51
    Affected: unspecified , < 2.19.51 (custom)
    Create a notification for this product.
    Facebook WhatsApp Business for iOS Affected: 2.19.51
    Affected: unspecified , < 2.19.51 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Windows Phone Affected: 2.18.348
    Affected: unspecified , < 2.18.348 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Tizen Affected: 2.18.15
    Affected: unspecified , < 2.18.15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:12:09.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.facebook.com/security/advisories/cve-2019-3568"
              },
              {
                "name": "108329",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108329"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-3568",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T12:56:07.366286Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2022-04-19",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:45:37.464Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3568"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2022-04-19T00:00:00.000Z",
                "value": "CVE-2019-3568 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.134"
                },
                {
                  "lessThan": "2.19.134",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.44"
                },
                {
                  "lessThan": "2.19.134",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.51"
                },
                {
                  "lessThan": "2.19.51",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.19.51"
                },
                {
                  "lessThan": "2.19.51",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Windows Phone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.348"
                },
                {
                  "lessThan": "2.18.348",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Tizen",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.15"
                },
                {
                  "lessThan": "2.18.15",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2019-05-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-13T20:57:11.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2019-3568"
            },
            {
              "name": "108329",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/108329"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2019-05-09",
              "ID": "CVE-2019-3568",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.134"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.134"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.44"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.134"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.51"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.51"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.19.51"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.19.51"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Windows Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.348"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.348"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Tizen",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.15"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.15"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.facebook.com/security/advisories/cve-2019-3568",
                  "refsource": "MISC",
                  "url": "https://www.facebook.com/security/advisories/cve-2019-3568"
                },
                {
                  "name": "108329",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/108329"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2019-3568",
        "datePublished": "2019-05-14T19:52:40.000Z",
        "dateReserved": "2019-01-02T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:45:37.464Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-6344 (GCVE-0-2018-6344)

    Vulnerability from cvelistv5 – Published: 2018-12-31 22:00 – Updated: 2025-05-06 16:02
    VLAI
    Summary
    A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.18.293
    Affected: unspecified , < 2.18.293 (custom)
    Create a notification for this product.
    Facebook WhatsApp for iOS Affected: 2.18.93
    Affected: unspecified , < 2.18.93 (custom)
    Create a notification for this product.
    Facebook WhatsApp for Windows Phone Affected: 2.18.172
    Affected: unspecified , < 2.18.172 (custom)
    Create a notification for this product.
    Date Public
    2018-12-31 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:01:48.708Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
              },
              {
                "name": "106365",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106365"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-6344",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-06T16:01:47.642323Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-06T16:02:35.127Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.293"
                },
                {
                  "lessThan": "2.18.293",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.93"
                },
                {
                  "lessThan": "2.18.93",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Windows Phone",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.18.172"
                },
                {
                  "lessThan": "2.18.172",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2018-11-21T00:00:00.000Z",
          "datePublic": "2018-12-31T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-01T10:57:01.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
            },
            {
              "name": "106365",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106365"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2018-11-21",
              "ID": "CVE-2018-6344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.293"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.293"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.93"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.93"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  },
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Windows Phone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.18.172"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.18.172"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html",
                  "refsource": "MISC",
                  "url": "https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html"
                },
                {
                  "name": "106365",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106365"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2018-6344",
        "datePublished": "2018-12-31T22:00:00.000Z",
        "dateReserved": "2018-01-26T00:00:00.000Z",
        "dateUpdated": "2025-05-06T16:02:35.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }