CVE-2020-1901 — Uncontrolled Resource Consumption in Whatsapp FOR IOS

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.5%

top 33.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp FOR IOS Whatsapp

Timeline

PublishedOct 6

Latest updateMay 24

Description

Receiving a large text message containing URLs in WhatsApp for iOS prior to v2.20.91.4 could have caused the application to freeze while processing the message.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDwhatsapp/whatsapp< 2.20.91.4

▶CVEListV5facebook/whatsapp_for_iosunspecified — 2.20.91.4+1

🔴Vulnerability Details

GHSA

GHSA-gqr2-r72f-2848: Receiving a large text message containing URLs in WhatsApp for iOS prior to v2↗2022-05-24

▶

CVEList

CVE-2020-1901: Receiving a large text message containing URLs in WhatsApp for iOS prior to v2↗2020-10-06

▶

💥Exploits & PoCs

Exploit-DB

Trend Micro Web Security Virtual Appliance 6.5 SP2 Patch 4 Build 1901 - Remote Code Execution (Metasploit)↗2020-07-14

▶