CVE-2020-1909 — Use After Free in Whatsapp Business FOR IOS

CWE-416 — Use After Free10 documents6 sources

Severity

9.8CRITICALNVD

EPSS

3.4%

top 12.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp Business FOR IOS Facebook Whatsapp FOR IOS Whatsapp +1 more

Timeline

PublishedNov 3

Latest updateMay 24

Description

A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDwhatsapp/whatsapp_business< 2.20.111

▶CVEListV5facebook/whatsapp_business_for_iosunspecified — 2.20.111+2

▶NVDwhatsapp/whatsapp< 2.20.111

▶CVEListV5facebook/whatsapp_for_iosunspecified — 2.20.111+2

🔴Vulnerability Details

GHSA

GHSA-553h-pw8j-m6f2: A use-after-free in a logging library in WhatsApp for iOS prior to v2↗2022-05-24

▶

CVEList

CVE-2020-1909: A use-after-free in a logging library in WhatsApp for iOS prior to v2↗2020-11-03

▶

Project0

Project Zero RCA: CVE-2020-0674: Internet Explorer use-after-free in JScript↗

▶

💥Exploits & PoCs

Exploit-DB

Druva inSync Windows Client 6.6.3 - Local Privilege Escalation↗2020-05-22

▶

🕵️Threat Intelligence

Unit42

Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350↗2020-07-21

▶