CVE-2018-6344Heap-based Buffer Overflow in Whatsapp FOR Android

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 31.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Facebook Whatsapp FOR AndroidFacebook Whatsapp FOR IOSFacebook Whatsapp FOR Windows Phone+1 more
Timeline
PublishedDec 31
Latest updateMay 13

Description

A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5facebook/whatsapp_for_windows_phoneunspecified2.18.172+1
CVEListV5facebook/whatsapp_for_androidunspecified2.18.293+1
NVDwhatsapp/whatsapp< 2.18.93+2
CVEListV5facebook/whatsapp_for_iosunspecified2.18.93+1

🔴Vulnerability Details

3
GHSA
GHSA-vhw2-763j-8c4r: A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established2022-05-13
CVEList
CVE-2018-6344: A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established2018-12-31
Project0
Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp - Project Zero2018-12-01
CVE-2018-6344 — Heap-based Buffer Overflow | cvebase