
    54 vulnerabilities found for whatsapp_business by whatsapp

    CVE-2025-55179 (GCVE-0-2025-55179)

    Vulnerability from nvd – Published: 2025-11-18 13:56 – Updated: 2025-11-18 14:25
    VLAI
    Summary
    Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS prior to v2.25.23.82, and WhatsApp for Mac prior to v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Incorrect Authorization (CWE-863)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for iOS Affected: 2.25.8.14 , < 2.25.23.82 (semver)
    Facebook WhatsApp for iOS Affected: 2.25.8.17 , < 2.25.23.73 (semver)
    Facebook WhatsApp Desktop for Mac Affected: 2.25.8.14 , < 2.25.23.83 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55179",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:22:05.852548Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T14:25:08.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.23.82",
                  "status": "affected",
                  "version": "2.25.8.14",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.23.73",
                  "status": "affected",
                  "version": "2.25.8.17",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WhatsApp Desktop for Mac",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.23.83",
                  "status": "affected",
                  "version": "2.25.8.14",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "dateAssigned": "2025-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user\u2019s device. We have not seen evidence of exploitation in the wild."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Authorization (CWE-863)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T13:56:31.598Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "Meta"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2025-55179"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2025/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "Meta",
        "cveId": "CVE-2025-55179",
        "datePublished": "2025-11-18T13:56:31.598Z",
        "dateReserved": "2025-08-08T18:21:47.119Z",
        "dateUpdated": "2025-11-18T14:25:08.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55177 (GCVE-0-2025-55177)

    Vulnerability from nvd – Published: 2025-08-29 15:50 – Updated: 2026-02-26 17:47
    VLAI CISA KEVIntel
    Summary
    Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS prior to v2.25.21.78, and WhatsApp for Mac prior to v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
    SSVC
    Exploitation: active; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Incorrect Authorization (CWE-863)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Desktop for Mac Affected: 2.22.25.2 , < 2.25.21.78 (semver)
    Facebook WhatsApp Business for iOS Affected: 2.22.25.2 , < 2.25.21.78 (semver)
    Facebook WhatsApp for iOS Affected: 2.22.25.2 , < 2.25.21.73 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55177",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-30T03:55:35.684164Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-09-02",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:48.837Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-09-02T00:00:00.000Z",
                "value": "CVE-2025-55177 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WhatsApp Desktop for Mac",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.21.78",
                  "status": "affected",
                  "version": "2.22.25.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.21.78",
                  "status": "affected",
                  "version": "2.22.25.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.21.73",
                  "status": "affected",
                  "version": "2.22.25.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "dateAssigned": "2025-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Authorization (CWE-863)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-30T16:54:33.495Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2025-55177"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2025/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2025-55177",
        "datePublished": "2025-08-29T15:50:28.578Z",
        "dateReserved": "2025-08-08T18:21:47.118Z",
        "dateUpdated": "2026-02-26T17:47:48.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-36934 (GCVE-0-2022-36934)

    Vulnerability from nvd – Published: 2022-09-22 21:30 – Updated: 2025-05-27 16:05
    VLAI
    Summary
    An integer overflow in WhatsApp could result in remote code execution in an established video call.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Meta WhatsApp for iOS Affected: unspecified , < 2.22.16.12 (custom)
    Meta WhatsApp Business for iOS Affected: unspecified , < 2.22.16.12 (custom)
    Meta WhatsApp for Android Affected: unspecified , < 2.22.16.12 (custom)
    Meta WhatsApp Business for Android Affected: unspecified , < 2.22.16.12 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2022/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-27T16:05:45.458311Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-27T16:05:50.201Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for iOS",
              "vendor": "Meta",
              "versions": [
                {
                  "lessThan": "2.22.16.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Meta",
              "versions": [
                {
                  "lessThan": "2.22.16.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Meta",
              "versions": [
                {
                  "lessThan": "2.22.16.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Meta",
              "versions": [
                {
                  "lessThan": "2.22.16.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow in WhatsApp could result in remote code execution in an established video call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-22T21:30:11.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2022/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-27",
              "ID": "CVE-2022-36934",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.22.16.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.22.16.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.22.16.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.22.16.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Meta"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An integer overflow in WhatsApp could result in remote code execution in an established video call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2022/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2022/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36934",
        "datePublished": "2022-09-22T21:30:11.000Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-27T16:05:50.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24043 (GCVE-0-2021-24043)

    Vulnerability from nvd – Published: 2022-02-02 11:59 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2021-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-02T11:59:31.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-11-09",
              "ID": "CVE-2021-24043",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24043",
        "datePublished": "2022-02-02T11:59:31.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24041 (GCVE-0-2021-24041)

    Vulnerability from nvd – Published: 2021-12-07 19:10 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.22.7 (custom)
    Unaffected: v2.21.22.7 , < unspecified (custom)
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.22.7 (custom)
    Unaffected: v2.21.22.7 , < unspecified (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.22.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.22.7",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.22.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.22.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-07T19:10:09.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-11-09",
              "ID": "CVE-2021-24041",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.22.7"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.22.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.22.7"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.22.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24041",
        "datePublished": "2021-12-07T19:10:09.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24035 (GCVE-0-2021-24035)

    Vulnerability from nvd – Published: 2021-06-11 03:35 – Updated: 2024-08-03 19:21
    Summary
    A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
    Severity
    No CVSS data available.
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.8.13 (custom)
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.8.13 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.8.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.8.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T03:35:10.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-21",
              "ID": "CVE-2021-24035",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.8.13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.8.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-23: Relative Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24035",
        "datePublished": "2021-06-11T03:35:10.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24027 (GCVE-0-2021-24027)

    Vulnerability from nvd – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
    Summary
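    A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material. Note that the structured version data in the record below marks WhatsApp Business for Android as affected at exactly v2.21.4.18, with no "less than" bound, while WhatsApp for Android is given as a range below v2.21.4.18; this does not match the description, so version matching driven by the structured data should be checked against the description text.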
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.21.4.18"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.4.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-524",
                  "description": "CWE-524",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-06T16:45:15.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-06",
              "ID": "CVE-2021-24027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "v2.21.4.18"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.4.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-524"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24027",
        "datePublished": "2021-04-06T16:45:15.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24026 (GCVE-0-2021-24026)

    Vulnerability from nvd – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
    Summary
    A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for iOS Affected: unspecified , < v2.21.32 (custom)
    Facebook WhatsApp for iOS Affected: unspecified , < v2.21.32 (custom)
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.3 (custom)
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.32",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.32",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-06T16:45:15.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-06",
              "ID": "CVE-2021-24026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.32"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.32"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24026",
        "datePublished": "2021-04-06T16:45:15.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1910 (GCVE-0-2020-1910)

    Vulnerability from nvd – Published: 2021-02-02 19:55 – Updated: 2024-08-04 06:53
    Summary
    A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WhatsApp WhatsApp Business for Android Affected: unspecified , < v2.21.1.13 (custom)
    Unaffected: v2.21.1.13 , < unspecified (custom)
    WhatsApp WhatsApp for Android Affected: unspecified , < v2.21.1.13 (custom)
    Unaffected: v2.21.1.13 , < unspecified (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "WhatsApp",
              "versions": [
                {
                  "lessThan": "v2.21.1.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.1.13",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "WhatsApp",
              "versions": [
                {
                  "lessThan": "v2.21.1.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.1.13",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-02-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-02T19:55:13.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-02-02",
              "ID": "CVE-2020-1910",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.1.13"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.1.13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.1.13"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.1.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WhatsApp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1910",
        "datePublished": "2021-02-02T19:55:13.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1909 (GCVE-0-2020-1909)

    Vulnerability from nvd – Published: 2020-11-03 19:15 – Updated: 2024-08-04 06:53
    Summary
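    A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold. Note that the version entries listed for this record also mark 2.20.111 itself, and an open-ended range starting at 2.20.81, as affected, which does not agree with "prior to v2.20.111" in this description; version matching driven by the structured data should be checked against the description text.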
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
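    Facebook WhatsApp Business for iOS Affected: 2.20.111
    Affected: unspecified , < 2.20.111 (custom)
    Affected: 2.20.81 , < unspecified (custom)
    Note on reading these rows (both products): the summary says versions prior to v2.20.111 are vulnerable, and the legacy record below lists 2.20.111 with the operator "!=>" next to "<" 2.20.111 and ">=" 2.20.81. The bare "Affected: 2.20.111" row therefore looks like a record-conversion artifact; the affected range is most likely 2.20.81 up to, but not including, 2.20.111.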
    Facebook WhatsApp for iOS Affected: 2.20.111
    Affected: unspecified , < 2.20.111 (custom)
    Affected: 2.20.81 , < unspecified (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.797Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.111"
                },
                {
                  "lessThan": "2.20.111",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.20.81",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.111"
                },
                {
                  "lessThan": "2.20.111",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.20.81",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-03T19:15:17.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-11-03",
              "ID": "CVE-2020-1909",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.111"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.111"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.20.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.111"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.111"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.20.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-416: Use After Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1909",
        "datePublished": "2020-11-03T19:15:17.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1908 (GCVE-0-2020-1908)

    Vulnerability from nvd – Published: 2020-11-03 19:15 – Updated: 2024-08-04 06:53
    Summary
    Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for iOS Affected: 2.20.100
    Affected: unspecified , < 2.20.100 (custom)
    Facebook WhatsApp for iOS Affected: 2.20.100
    Affected: unspecified , < 2.20.100 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.100"
                },
                {
                  "lessThan": "2.20.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.100"
                },
                {
                  "lessThan": "2.20.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-03T19:15:16.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-11-03",
              "ID": "CVE-2020-1908",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.100"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.100"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1908",
        "datePublished": "2020-11-03T19:15:16.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1907 (GCVE-0-2020-1907)

    Vulnerability from nvd – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    Summary
    A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
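    Facebook WhatsApp for Android Affected: 2.20.196.16
    Affected: unspecified , < 2.20.196.16 (custom)
    Note on reading these rows (all five products): the summary describes versions prior to each listed release as vulnerable, and the legacy record below pairs each release with the operator "!=>" as well as "<". The bare "Affected: <release>" rows therefore look like a record-conversion artifact, and the listed release is most likely the first fixed one rather than a vulnerable one.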
    Facebook WhatsApp Business for Android Affected: 2.20.196.12
    Affected: unspecified , < 2.20.196.12 (custom)
    Facebook WhatsApp for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Facebook WhatsApp Business for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Facebook WhatsApp for Portal Affected: 173.0.0.29.505
    Affected: unspecified , < 173.0.0.29.505 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.972Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.16"
                },
                {
                  "lessThan": "2.20.196.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.12"
                },
                {
                  "lessThan": "2.20.196.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Portal",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "173.0.0.29.505"
                },
                {
                  "lessThan": "173.0.0.29.505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:27.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1907",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.16"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.16"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.12"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "173.0.0.29.505"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "173.0.0.29.505"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1907",
        "datePublished": "2020-10-06T17:35:27.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1906 (GCVE-0-2020-1906)

    Vulnerability from nvd – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    Summary
    A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.130
    Affected: unspecified , < 2.20.130 (custom)
    Facebook WhatsApp Business for Android Affected: 2.20.46
    Affected: unspecified , < 2.20.46 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.903Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.130"
                },
                {
                  "lessThan": "2.20.130",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.46"
                },
                {
                  "lessThan": "2.20.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:26.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.130"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.130"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.46"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122: Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1906",
        "datePublished": "2020-10-06T17:35:26.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1904 (GCVE-0-2020-1904)

    Vulnerability from nvd – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:54
    VLAI
    Summary
    A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages.
    Severity
    No CVSS data available.
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
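    Facebook WhatsApp for iOS Affected: 2.20.61
    Affected: unspecified , < 2.20.61 (custom)
    (Note: the "Affected: 2.20.61" row, and the matching row for WhatsApp Business for iOS below, conflicts with the summary, which describes the issue only in versions prior to v2.20.61. The row appears to derive from the legacy record's non-standard "!=>" entry for that version, so confirm the fixed release against the vendor advisory before relying on it for version matching.)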
    Facebook WhatsApp Business for iOS Affected: 2.20.61
    Affected: unspecified , < 2.20.61 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.61"
                },
                {
                  "lessThan": "2.20.61",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.61"
                },
                {
                  "lessThan": "2.20.61",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-02T11:59:30.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.61"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.61"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.61"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.61"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-23: Relative Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1904",
        "datePublished": "2020-10-06T17:35:26.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:54:00.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1903 (GCVE-0-2020-1903)

    Vulnerability from nvd – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver's WhatsApp contacts.
    Severity
    No CVSS data available.
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
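    Facebook WhatsApp for iOS Affected: 2.20.61
    Affected: unspecified , < 2.20.61 (custom)
    (Note: the "Affected: 2.20.61" row, and the matching row for WhatsApp Business for iOS below, conflicts with the summary, which describes the issue only in versions prior to v2.20.61. The row appears to derive from the legacy record's non-standard "!=>" entry for that version, so confirm the fixed release against the vendor advisory before relying on it for version matching.)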
    Facebook WhatsApp Business for iOS Affected: 2.20.61
    Affected: unspecified , < 2.20.61 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.757Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.61"
                },
                {
                  "lessThan": "2.20.61",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.61"
                },
                {
                  "lessThan": "2.20.61",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver\u0027s WhatsApp contacts."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:25.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.61"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.61"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.61"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.61"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver\u0027s WhatsApp contacts."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-400: Uncontrolled Resource Consumption"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1903",
        "datePublished": "2020-10-06T17:35:25.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1902 (GCVE-0-2020-1902)

    Vulnerability from nvd – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.
    Severity
    No CVSS data available.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp for Android Affected: 2.20.140
    Affected: unspecified , < 2.20.140 (custom)
    Unaffected: unspecified , < 2.20.108 (custom)
    Facebook WhatsApp Business for Android Affected: 2.20.49
    Affected: unspecified , < 2.20.49 (custom)
    Unaffected: unspecified , < 2.20.35 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.140"
                },
                {
                  "lessThan": "2.20.140",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.20.108",
                  "status": "unaffected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.49"
                },
                {
                  "lessThan": "2.20.49",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.20.35",
                  "status": "unaffected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:25.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1902",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.140"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.140"
                              },
                              {
                                "version_affected": "!\u003c",
                                "version_value": "2.20.108"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.49"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.49"
                              },
                              {
                                "version_affected": "!\u003c",
                                "version_value": "2.20.35"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1902",
        "datePublished": "2020-10-06T17:35:25.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55179 (GCVE-0-2025-55179)

    Vulnerability from cvelistv5 – Published: 2025-11-18 13:56 – Updated: 2025-11-18 14:25
    VLAI
    Summary
    Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS prior to v2.25.23.82, and WhatsApp for Mac prior to v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Incorrect Authorization (CWE-863)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for iOS Affected: 2.25.8.14 , < 2.25.23.82 (semver)
    Facebook WhatsApp for iOS Affected: 2.25.8.17 , < 2.25.23.73 (semver)
    Facebook WhatsApp Desktop for Mac Affected: 2.25.8.14 , < 2.25.23.83 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55179",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:22:05.852548Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T14:25:08.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.23.82",
                  "status": "affected",
                  "version": "2.25.8.14",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.23.73",
                  "status": "affected",
                  "version": "2.25.8.17",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WhatsApp Desktop for Mac",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.23.83",
                  "status": "affected",
                  "version": "2.25.8.14",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "dateAssigned": "2025-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user\u2019s device. We have not seen evidence of exploitation in the wild."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Authorization (CWE-863)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-18T13:56:31.598Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "Meta"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2025-55179"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2025/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "Meta",
        "cveId": "CVE-2025-55179",
        "datePublished": "2025-11-18T13:56:31.598Z",
        "dateReserved": "2025-08-08T18:21:47.119Z",
        "dateUpdated": "2025-11-18T14:25:08.232Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-55177 (GCVE-0-2025-55177)

    Vulnerability from cvelistv5 – Published: 2025-08-29 15:50 – Updated: 2026-02-26 17:47
    VLAI CISA KEVIntel
    Summary
    Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS prior to v2.25.21.78, and WhatsApp for Mac prior to v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Incorrect Authorization (CWE-863)
    Assigner
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Desktop for Mac Affected: 2.22.25.2 , < 2.25.21.78 (semver)
    Facebook WhatsApp Business for iOS Affected: 2.22.25.2 , < 2.25.21.78 (semver)
    Facebook WhatsApp for iOS Affected: 2.22.25.2 , < 2.25.21.73 (semver)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55177",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-30T03:55:35.684164Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-09-02",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:47:48.837Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-09-02T00:00:00.000Z",
                "value": "CVE-2025-55177 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WhatsApp Desktop for Mac",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.21.78",
                  "status": "affected",
                  "version": "2.22.25.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.21.78",
                  "status": "affected",
                  "version": "2.22.25.2",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "2.25.21.73",
                  "status": "affected",
                  "version": "2.22.25.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "dateAssigned": "2025-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Incorrect Authorization (CWE-863)",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-30T16:54:33.495Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.facebook.com/security/advisories/cve-2025-55177"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2025/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2025-55177",
        "datePublished": "2025-08-29T15:50:28.578Z",
        "dateReserved": "2025-08-08T18:21:47.118Z",
        "dateUpdated": "2026-02-26T17:47:48.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-36934 (GCVE-0-2022-36934)

    Vulnerability from cvelistv5 – Published: 2022-09-22 21:30 – Updated: 2025-05-27 16:05
    VLAI
    Summary
    An integer overflow in WhatsApp could result in remote code execution in an established video call.
    SSVC
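    Exploitation: none; Automatable: yes; Technical Impact: total. The CISA-ADP container in the record below scores this CVSS 3.1 9.8 (CRITICAL); the CNA container carries no CVSS metric.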
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Meta WhatsApp for iOS Affected: unspecified , < 2.22.16.12 (custom)
    Meta WhatsApp Business for iOS Affected: unspecified , < 2.22.16.12 (custom)
    Meta WhatsApp for Android Affected: unspecified , < 2.22.16.12 (custom)
    Meta WhatsApp Business for Android Affected: unspecified , < 2.22.16.12 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:21:32.100Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2022/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-36934",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-27T16:05:45.458311Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-27T16:05:50.201Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for iOS",
              "vendor": "Meta",
              "versions": [
                {
                  "lessThan": "2.22.16.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Meta",
              "versions": [
                {
                  "lessThan": "2.22.16.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Meta",
              "versions": [
                {
                  "lessThan": "2.22.16.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Meta",
              "versions": [
                {
                  "lessThan": "2.22.16.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2022-07-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An integer overflow in WhatsApp could result in remote code execution in an established video call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-09-22T21:30:11.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2022/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2022-07-27",
              "ID": "CVE-2022-36934",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.22.16.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.22.16.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.22.16.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.22.16.12"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Meta"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An integer overflow in WhatsApp could result in remote code execution in an established video call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2022/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2022/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2022-36934",
        "datePublished": "2022-09-22T21:30:11.000Z",
        "dateReserved": "2022-07-27T00:00:00.000Z",
        "dateUpdated": "2025-05-27T16:05:50.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24043 (GCVE-0-2021-24043)

    Vulnerability from cvelistv5 – Published: 2022-02-02 11:59 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A missing bounds check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS v2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.307Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "dateAssigned": "2021-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-02T11:59:31.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-11-09",
              "ID": "CVE-2021-24043",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed an out-of-bounds heap read if a user sent a malformed RTCP packet during an established call."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24043",
        "datePublished": "2022-02-02T11:59:31.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.307Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24041 (GCVE-0-2021-24041)

    Vulnerability from cvelistv5 – Published: 2021-12-07 19:10 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow (CWE-122)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.22.7 (custom)
    Unaffected: v2.21.22.7 , < unspecified (custom)
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.22.7 (custom)
    Unaffected: v2.21.22.7 , < unspecified (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.22.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.22.7",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.22.7",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.22.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-11-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "Heap-based Buffer Overflow (CWE-122)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-12-07T19:10:09.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-11-09",
              "ID": "CVE-2021-24041",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.22.7"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.22.7"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.22.7"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.22.7"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Heap-based Buffer Overflow (CWE-122)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24041",
        "datePublished": "2021-12-07T19:10:09.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24035 (GCVE-0-2021-24035)

    Vulnerability from cvelistv5 – Published: 2021-06-11 03:35 – Updated: 2024-08-03 19:21
    VLAI
    Summary
    A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files.
    Severity
    No CVSS data available.
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.8.13 (custom)
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.8.13 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.185Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.8.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.8.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-06-11T03:35:10.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-21",
              "ID": "CVE-2021-24035",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.8.13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.8.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-23: Relative Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24035",
        "datePublished": "2021-06-11T03:35:10.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24027 (GCVE-0-2021-24027)

    Vulnerability from cvelistv5 – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
    Summary
    A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
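    Impacted products
    Note: in the record below, WhatsApp Business for Android is listed as affected at exactly v2.21.4.18, while WhatsApp for Android and the summary both say "prior to v2.21.4.18"; version matching against the JSON alone may therefore miss earlier Business builds.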

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "v2.21.4.18"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.4.18",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-524",
                  "description": "CWE-524",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-06T16:45:15.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-06",
              "ID": "CVE-2021-24027",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "v2.21.4.18"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.4.18"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device\u2019s external storage to read cached TLS material."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-524"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24027",
        "datePublished": "2021-04-06T16:45:15.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24026 (GCVE-0-2021-24026)

    Vulnerability from cvelistv5 – Published: 2021-04-06 16:45 – Updated: 2024-08-03 19:21
    Summary
    A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Facebook WhatsApp Business for iOS Affected: unspecified , < v2.21.32 (custom)
    Facebook WhatsApp for iOS Affected: unspecified , < v2.21.32 (custom)
    Facebook WhatsApp Business for Android Affected: unspecified , < v2.21.3 (custom)
    Facebook WhatsApp for Android Affected: unspecified , < v2.21.3 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:21:17.055Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.32",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.32",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "lessThan": "v2.21.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-06T16:45:15.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-04-06",
              "ID": "CVE-2021-24026",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.32"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.32"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2021-24026",
        "datePublished": "2021-04-06T16:45:15.000Z",
        "dateReserved": "2021-01-13T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:21:17.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1910 (GCVE-0-2020-1910)

    Vulnerability from cvelistv5 – Published: 2021-02-02 19:55 – Updated: 2024-08-04 06:53
    Summary
    A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    WhatsApp WhatsApp Business for Android Affected: unspecified , < v2.21.1.13 (custom)
    Unaffected: v2.21.1.13 , < unspecified (custom)
    WhatsApp WhatsApp for Android Affected: unspecified , < v2.21.1.13 (custom)
    Unaffected: v2.21.1.13 , < unspecified (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2021/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for Android",
              "vendor": "WhatsApp",
              "versions": [
                {
                  "lessThan": "v2.21.1.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.1.13",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Android",
              "vendor": "WhatsApp",
              "versions": [
                {
                  "lessThan": "v2.21.1.13",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "unaffected",
                  "version": "v2.21.1.13",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2021-02-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-02-02T19:55:13.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2021/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2021-02-02",
              "ID": "CVE-2020-1910",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.1.13"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.1.13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "v2.21.1.13"
                              },
                              {
                                "version_affected": "!\u003e=",
                                "version_value": "v2.21.1.13"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WhatsApp"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could have allowed out-of-bounds read and write if a user applied specific image filters to a specially crafted image and sent the resulting image."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2021/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2021/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1910",
        "datePublished": "2021-02-02T19:55:13.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1909 (GCVE-0-2020-1909)

    Vulnerability from cvelistv5 – Published: 2020-11-03 19:15 – Updated: 2024-08-04 06:53
    Summary
    A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
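    Facebook WhatsApp Business for iOS Affected: 2.20.111
    Affected: unspecified , < 2.20.111 (custom)
    Affected: 2.20.81 , < unspecified (custom)
    Note: the "Affected: 2.20.111" row (shown for both products) conflicts with the summary, which places the issue prior to v2.20.111. The legacy record below carries that version under a negated operator ("!=>"), so the row looks like a conversion artifact; confirm the fixed version against the vendor advisory.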
    Facebook WhatsApp for iOS Affected: 2.20.111
    Affected: unspecified , < 2.20.111 (custom)
    Affected: 2.20.81 , < unspecified (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.797Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.111"
                },
                {
                  "lessThan": "2.20.111",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.20.81",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.111"
                },
                {
                  "lessThan": "2.20.111",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                },
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "2.20.81",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-03T19:15:17.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-11-03",
              "ID": "CVE-2020-1909",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.111"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.111"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.20.81"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.111"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.111"
                              },
                              {
                                "version_affected": "\u003e=",
                                "version_value": "2.20.81"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-416: Use After Free"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1909",
        "datePublished": "2020-11-03T19:15:17.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1908 (GCVE-0-2020-1908)

    Vulnerability from cvelistv5 – Published: 2020-11-03 19:15 – Updated: 2024-08-04 06:53
    Summary
    Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.
    Severity
    No CVSS data available.
    CWE
    • CWE-285 - Improper Authorization
    Assigner
    References
    Impacted products
    Vendor Product Version
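    Facebook WhatsApp Business for iOS Affected: 2.20.100
    Affected: unspecified , < 2.20.100 (custom)
    Note: the summary gives the vulnerable range as versions prior to v2.20.100, so 2.20.100 is the fixed release. The standalone "Affected: 2.20.100" entry appears to be a conversion artifact of the "!=>" marker in the legacy record shown below, and the "< 2.20.100" range is the one to match against. The same applies to the WhatsApp for iOS row.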
    Facebook WhatsApp for iOS Affected: 2.20.100
    Affected: unspecified , < 2.20.100 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.916Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.100"
                },
                {
                  "lessThan": "2.20.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.100"
                },
                {
                  "lessThan": "2.20.100",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-11-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-03T19:15:16.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-11-03",
              "ID": "CVE-2020-1908",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.100"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.100"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.100"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1908",
        "datePublished": "2020-11-03T19:15:16.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.916Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1907 (GCVE-0-2020-1907)

    Vulnerability from cvelistv5 – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.
    Severity
    No CVSS data available.
    CWE
    • CWE-787 - Out-of-bounds Write
    Assigner
    References
    Impacted products
    Vendor Product Version
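    Facebook WhatsApp for Android Affected: 2.20.196.16
    Affected: unspecified , < 2.20.196.16 (custom)
    Note: for every product in this table, the standalone "Affected: <version>" entry names the release that the summary describes as fixed ("prior to ..."). It appears to be a conversion artifact of the "!=>" marker in the legacy record shown below, and the "< <version>" range is the one to match against.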
    Facebook WhatsApp Business for Android Affected: 2.20.196.12
    Affected: unspecified , < 2.20.196.12 (custom)
    Facebook WhatsApp for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Facebook WhatsApp Business for iOS Affected: 2.20.90
    Affected: unspecified , < 2.20.90 (custom)
    Facebook WhatsApp for Portal Affected: 173.0.0.29.505
    Affected: unspecified , < 173.0.0.29.505 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.972Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.16"
                },
                {
                  "lessThan": "2.20.196.16",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.196.12"
                },
                {
                  "lessThan": "2.20.196.12",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.90"
                },
                {
                  "lessThan": "2.20.90",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp for Portal",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "173.0.0.29.505"
                },
                {
                  "lessThan": "173.0.0.29.505",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:27.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1907",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.16"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.16"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.196.12"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.196.12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.90"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.90"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp for Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "173.0.0.29.505"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "173.0.0.29.505"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787: Out-of-bounds Write"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1907",
        "datePublished": "2020-10-06T17:35:27.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.972Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1906 (GCVE-0-2020-1906)

    Vulnerability from cvelistv5 – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:53
    VLAI
    Summary
    A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams.
    Severity
    No CVSS data available.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
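    Facebook WhatsApp for Android Affected: 2.20.130
    Affected: unspecified , < 2.20.130 (custom)
    Note: the summary gives the vulnerable range as versions prior to v2.20.130 (Android) and v2.20.46 (Business for Android), so those are the fixed releases. The standalone "Affected: <version>" entries appear to be a conversion artifact of the "!=>" marker in the legacy record shown below, and the "< <version>" ranges are the ones to match against.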
    Facebook WhatsApp Business for Android Affected: 2.20.46
    Affected: unspecified , < 2.20.46 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:53:59.903Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.130"
                },
                {
                  "lessThan": "2.20.130",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for Android",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.46"
                },
                {
                  "lessThan": "2.20.46",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-06T17:35:26.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1906",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.130"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.130"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.46"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.46"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-122: Heap-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1906",
        "datePublished": "2020-10-06T17:35:26.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:53:59.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1904 (GCVE-0-2020-1904)

    Vulnerability from cvelistv5 – Published: 2020-10-06 17:35 – Updated: 2024-08-04 06:54
    VLAI
    Summary
    A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages.
    Severity
    No CVSS data available.
    CWE
    • CWE-23 - Relative Path Traversal
    Assigner
    References
    Impacted products
    Vendor Product Version
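    Facebook WhatsApp for iOS Affected: 2.20.61
    Affected: unspecified , < 2.20.61 (custom)
    Note: the summary gives the vulnerable range as versions prior to v2.20.61, so 2.20.61 is the fixed release. The standalone "Affected: 2.20.61" entry appears to be a conversion artifact of the "!=>" marker in the legacy record shown below, and the "< 2.20.61" range is the one to match against. The same applies to the WhatsApp Business for iOS row.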
    Facebook WhatsApp Business for iOS Affected: 2.20.61
    Affected: unspecified , < 2.20.61 (custom)

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:54:00.435Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.whatsapp.com/security/advisories/2020/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WhatsApp for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.61"
                },
                {
                  "lessThan": "2.20.61",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "WhatsApp Business for iOS",
              "vendor": "Facebook",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.20.61"
                },
                {
                  "lessThan": "2.20.61",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "dateAssigned": "2020-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-23",
                  "description": "CWE-23: Relative Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-02T11:59:30.000Z",
            "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
            "shortName": "facebook"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.whatsapp.com/security/advisories/2020/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-assign@fb.com",
              "DATE_ASSIGNED": "2020-10-06",
              "ID": "CVE-2020-1904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WhatsApp for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.61"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.61"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "WhatsApp Business for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "!=\u003e",
                                "version_value": "2.20.61"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.20.61"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Facebook"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-23: Relative Path Traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.whatsapp.com/security/advisories/2020/",
                  "refsource": "CONFIRM",
                  "url": "https://www.whatsapp.com/security/advisories/2020/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
        "assignerShortName": "facebook",
        "cveId": "CVE-2020-1904",
        "datePublished": "2020-10-06T17:35:26.000Z",
        "dateReserved": "2019-12-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:54:00.435Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }