CVE-2020-1891 — Out-of-bounds Write in Whatsapp Android

CWE-787 — Out-of-bounds Write2 documents2 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 33.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp Android Facebook Whatsapp Business FOR Android Facebook Whatsapp Business FOR Iphone +3 more

Timeline

PublishedSep 3

Latest updateMay 24

Description

A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5facebook/whatsapp_business_for_iphoneunspecified — 2.20.20+1

▶CVEListV5facebook/whatsapp_business_for_androidunspecified — 2.20.7+1

▶CVEListV5facebook/whatsapp_iphoneunspecified — 2.20.20+1

▶CVEListV5facebook/whatsapp_androidunspecified — 2.20.17+1

▶NVDwhatsapp/whatsapp_business< 2.20.7+1

🔴Vulnerability Details

GHSA

GHSA-fmf2-2478-rv56: A user controlled parameter used in video call in WhatsApp for Android prior to v2↗2022-05-24

▶