CVE-2020-1907 — Out-of-bounds Write in Whatsapp Business FOR Android

CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

1.1%

top 22.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp Business FOR Android Facebook Whatsapp Business FOR IOS Facebook Whatsapp FOR Android +4 more

Timeline

PublishedOct 6

Latest updateMay 24

Description

A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5facebook/whatsapp_business_for_androidunspecified — 2.20.196.12+1

▶NVDwhatsapp/whatsapp_business< 2.20.90+1

▶CVEListV5facebook/whatsapp_for_androidunspecified — 2.20.196.16+1

▶CVEListV5facebook/whatsapp_business_for_iosunspecified — 2.20.90+1

▶CVEListV5facebook/whatsapp_for_portalunspecified — 173.0.0.29.505+1

🔴Vulnerability Details

GHSA

GHSA-3pw2-rq3w-q74q: A stack overflow in WhatsApp for Android prior to v2↗2022-05-24

▶

CVEList

CVE-2020-1907: A stack overflow in WhatsApp for Android prior to v2↗2020-10-06

▶