CVE-2018-6339
published 2019-06-14CVE-2018-6339: When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant…
PriorityP346critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
1.54%
71.8th percentile
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| whatsapp_business_for_android | — | — | |
| whatsapp_business_for_android | >= 2.18.103 < unspecified | unspecified | |
| whatsapp_for_android | — | — | |
| whatsapp_for_android | >= 2.18.180 < unspecified | unspecified | |
| >= 2.18.180 < 2.18.295 | 2.18.295 | ||
| whatsapp_business | >= 2.18.103 < 2.18.150 | 2.18.150 |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-06-14
Published