CVE-2018-6344
Published 2018-12-31
Priority P336 · high · 7.5 · CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:N · I:N · A:H
EPSS 1.95% · 77.7th percentile
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| | whatsapp_for_android | — | — |
| | whatsapp_for_android | >= unspecified < 2.18.293 | 2.18.293 |
| | whatsapp_for_ios | — | — |
| | whatsapp_for_ios | >= unspecified < 2.18.93 | 2.18.93 |
| | whatsapp_for_windows_phone | — | — |
| | whatsapp_for_windows_phone | >= unspecified < 2.18.172 | 2.18.172 |
| | | < 2.18.93 | 2.18.93 |
| | | < 2.18.172 | 2.18.172 |
| | | < 2.18.293 | 2.18.293 |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
GHSA
GHSA-vhw2-763j-8c4r: A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established
ghsa_unreviewed·2022-05-13
CVE-2018-6344 [HIGH] CWE-122 GHSA-vhw2-763j-8c4r: A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established
Project0
Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp - Project Zero
project_zero·2018-12-01
CVE-2018-6344 Adventures in Video Conferencing Part 3: The Even Wilder World of WhatsApp - Project Zero
Posted by Natalie Silvanovich, Project Zero
WhatsApp is another application that supports video conferencing that does not use WebRTC as its core implementation. Instead, it uses PJSIP, which contains some WebRTC code, but also contains a substantial amount of other code, and predates the WebRTC project. I fuzzed this implementation to see if it had similar results to WebRTC and FaceTime.
Fuzzing Set-up
PJSIP is open source, so it was easy to identify the PJSIP code in the Android WhatsApp binary (libwhatsapp.so). Since PJSIP uses the open source library libsrtp, I started off by opening the binary in IDA and searching for the string srtp_protect, the name of the function libsrtp uses for encryption. This led to a log entry emitted by a function that looked like srtp_protect. There was
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.