CVE-2018-6350 — Out-of-bounds Read in Whatsapp Business FOR Android

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 38.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp Business FOR Android Facebook Whatsapp Business FOR IOS Facebook Whatsapp FOR Android +4 more

Timeline

PublishedJun 14

Latest updateMay 24

Description

An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5facebook/whatsapp_business_for_androidunspecified — 2.18.99+1

▶NVDwhatsapp/whatsapp_business< 2.18.100.2+1

▶CVEListV5facebook/whatsapp_for_androidunspecified — 2.18.276+1

▶CVEListV5facebook/whatsapp_business_for_iosunspecified — 2.18.100.2+1

▶CVEListV5facebook/whatsapp_for_windows_phoneunspecified — 2.18.224+1

🔴Vulnerability Details

GHSA

GHSA-57fh-5mmw-ppxc: An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers↗2022-05-24

▶

CVEList

CVE-2018-6350: An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers↗2019-06-14

▶