CVE-2018-6339Stack-based Buffer Overflow in Whatsapp Business FOR Android

CWE-121Stack-based Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 37.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Facebook Whatsapp Business FOR AndroidFacebook Whatsapp FOR AndroidWhatsapp+1 more
Timeline
PublishedJun 14
Latest updateMay 24

Description

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

CVEListV5facebook/whatsapp_business_for_android2.18.103unspecified+1
CVEListV5facebook/whatsapp_for_android2.18.180unspecified+1
NVDwhatsapp/whatsapp_business2.18.1032.18.150
NVDwhatsapp/whatsapp2.18.1802.18.295

🔴Vulnerability Details

2
GHSA
GHSA-wjm8-p3r4-7xgc: When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in2022-05-24
CVEList
CVE-2018-6339: When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in2019-06-14
CVE-2018-6339 — Stack-based Buffer Overflow | cvebase