CVE-2019-3566
published 2019-05-10CVE-2019-3566: A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover…
PriorityP428medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
EPSS
1.07%
60.6th percentile
A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| whatsapp_business_for_android | — | — | |
| whatsapp_business_for_android | >= 2.19.22 < unspecified | unspecified | |
| whatsapp_for_android | — | — | |
| whatsapp_for_android | — | — | |
| whatsapp_for_android | >= 2.19.54 < unspecified | unspecified | |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.29+esm2 | 5.5.9+dfsg-1ubuntu4.29+esm2 |
| — | — | ||
| 2.19.54 – 2.19.103 | — | ||
| whatsapp_business | 2.19.22 – 2.19.38 | — |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9vw8-5c3c-w435: A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to re
ghsa_unreviewed·2022-05-24
CVE-2019-3566 [MEDIUM] GHSA-9vw8-5c3c-w435: A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to re
A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103.
OSV
php5 vulnerabilities
osv·2019-05-22·CVSS 7.5
CVE-2018-20783 php5 vulnerabilities
php5 vulnerabilities
USN-3566-1 fixed several vulnerabilities in PHP. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
It was discovered that PHP incorrectly handled certain files. An attacker
could possibly use this issue to access sensitive information.
(CVE-2018-20783)
It was discovered that PHP incorrectly handled certain files. An attacker
could possibly use this issue to access sensitive information or possibly
cause a crash, resulting in a denial of service. (CVE-2019-11036)
Original advisory details:
It was discovered that PHP incorrectly handled memory when unserializing
certain data. A remote attacker could use this issue to cause PHP to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affect
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-05-10
Published