CVE-2020-1903Uncontrolled Resource Consumption in Whatsapp Business FOR IOS

CWE-400Uncontrolled Resource Consumption12 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 48.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Facebook Whatsapp Business FOR IOSFacebook Whatsapp FOR IOSWhatsapp+1 more
Timeline
PublishedOct 6
Latest updateMay 24

Description

An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver's WhatsApp contacts.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5facebook/whatsapp_business_for_iosunspecified2.20.61+1
NVDwhatsapp/whatsapp< 2.20.61
CVEListV5facebook/whatsapp_for_iosunspecified2.20.61+1

🔴Vulnerability Details

3
GHSA
GHSA-2468-6hhw-x65x: An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v22022-05-24
CVEList
CVE-2020-1903: An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v22020-10-06
Project0
Project Zero RCA: CVE-2020-0674: Internet Explorer use-after-free in JScript

🕵️Threat Intelligence

1
Unit42
Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-13502020-07-21
CVE-2020-1903 — Uncontrolled Resource Consumption | cvebase