CVE-2020-1894 — Out-of-bounds Write in Whatsapp Android

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 27.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp Android Facebook Whatsapp Business FOR Android Facebook Whatsapp Business FOR Iphone +3 more

Timeline

PublishedSep 3

Latest updateMay 24

Description

A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to v2.20.30 could have allowed arbitrary code execution when playing a specially crafted push to talk message.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5facebook/whatsapp_business_for_iphoneunspecified — 2.20.30+1

▶CVEListV5facebook/whatsapp_business_for_androidunspecified — 2.20.20+1

▶CVEListV5facebook/whatsapp_iphoneunspecified — 2.20.30+1

▶CVEListV5facebook/whatsapp_androidunspecified — 2.20.35+1

▶NVDwhatsapp/whatsapp_business< 2.20.20+1

🔴Vulnerability Details

GHSA

GHSA-24p8-72r9-6qxg: A stack write overflow in WhatsApp for Android prior to v2↗2022-05-24

▶

CVEList

CVE-2020-1894: A stack write overflow in WhatsApp for Android prior to v2↗2020-09-03

▶