cbcvebase.
CVE-2018-6344
published 2018-12-31

CVE-2018-6344: A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of…

PriorityP336high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.95%
77.7th percentile
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.

Affected

9 ranges
VendorProductVersion rangeFixed in
facebookwhatsapp_for_android
facebookwhatsapp_for_android>= unspecified < 2.18.2932.18.293
facebookwhatsapp_for_ios
facebookwhatsapp_for_ios>= unspecified < 2.18.932.18.93
facebookwhatsapp_for_windows_phone
facebookwhatsapp_for_windows_phone>= unspecified < 2.18.1722.18.172
whatsappwhatsapp< 2.18.932.18.93
whatsappwhatsapp< 2.18.1722.18.172
whatsappwhatsapp< 2.18.2932.18.293

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.