CVE-2021-24042Heap-based Buffer Overflow in Whatsapp Business FOR Android

CWE-122Heap-based Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 33.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Facebook Whatsapp Business FOR AndroidFacebook Whatsapp Business FOR IOSFacebook Whatsapp Desktop+4 more
Timeline
PublishedJan 4
Latest updateJan 5

Description

The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

CVEListV5facebook/whatsapp_business_for_androidunspecifiedv2.21.23
CVEListV5facebook/whatsapp_for_androidunspecifiedv2.21.23
CVEListV5facebook/whatsapp_business_for_iosunspecifiedv2.21.230
CVEListV5facebook/whatsapp_desktopunspecifiedv2.2146
CVEListV5facebook/whatsapp_for_kaiosunspecifiedv2.2143

🔴Vulnerability Details

2
GHSA
GHSA-mp5j-h5hx-cfxc: The calling logic for WhatsApp for Android prior to v22022-01-05
CVEList
CVE-2021-24042: The calling logic for WhatsApp for Android prior to v22022-01-04
CVE-2021-24042 — Heap-based Buffer Overflow | cvebase