CVE-2018-6339
published 2019-06-14

Priority: P346
Severity: critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.54% (71.8th percentile)

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| facebook | whatsapp_business_for_android | | |
| facebook | whatsapp_business_for_android | >= 2.18.103 < unspecified | unspecified |
| facebook | whatsapp_for_android | | |
| facebook | whatsapp_for_android | >= 2.18.180 < unspecified | unspecified |
| whatsapp | whatsapp | >= 2.18.180 < 2.18.295 | 2.18.295 |
| whatsapp | whatsapp_business | >= 2.18.103 < 2.18.150 | 2.18.150 |

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P