CVE-2021-24026Out-of-bounds Write in Whatsapp Business FOR Android

CWE-787Out-of-bounds Write5 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.4%
top 36.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Facebook Whatsapp Business FOR AndroidFacebook Whatsapp Business FOR IOSFacebook Whatsapp FOR Android+3 more
Timeline
PublishedApr 6
Latest updateMay 24

Description

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to v2.21.32, and WhatsApp Business for iOS prior to v2.21.32 could have allowed an out-of-bounds write.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages6 packages

CVEListV5facebook/whatsapp_business_for_androidunspecifiedv2.21.3
CVEListV5facebook/whatsapp_for_androidunspecifiedv2.21.3
CVEListV5facebook/whatsapp_business_for_iosunspecifiedv2.21.32
NVDwhatsapp/whatsapp< 2.21.3

🔴Vulnerability Details

2
GHSA
GHSA-36r2-rr2j-2cvx: A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v22022-05-24
CVEList
CVE-2021-24026: A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v22021-04-06

🕵️Threat Intelligence

2
Qualys
WhatsApp Vulnerabilities: Automatically Discover and Remediate Using VMDR for Mobile Devices | Qualys2021-04-22
Qualys
WhatsApp Vulnerabilities: Automatically Discover and Remediate Using VMDR for Mobile Devices2021-04-22
CVE-2021-24026 — Out-of-bounds Write | cvebase