CVE-2020-1886 — Classic Buffer Overflow in Whatsapp Business FOR Android

CWE-120 — Classic Buffer Overflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 35.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp Business FOR Android Facebook Whatsapp FOR Android Whatsapp +1 more

Timeline

PublishedSep 3

Latest updateMay 24

Description

A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5facebook/whatsapp_business_for_androidunspecified — 2.20.2+1

▶CVEListV5facebook/whatsapp_for_androidunspecified — 2.20.11+1

▶NVDwhatsapp/whatsapp_business< 2.20.2

▶NVDwhatsapp/whatsapp< 2.20.11

🔴Vulnerability Details

GHSA

GHSA-m346-7x4h-3r6w: A buffer overflow in WhatsApp for Android prior to v2↗2022-05-24

▶

CVEList

CVE-2020-1886: A buffer overflow in WhatsApp for Android prior to v2↗2020-09-03

▶