CVE-2022-27492
published 2022-09-23CVE-2022-27492: An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.
PriorityP337high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.49%
38.5th percentile
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| meta | whatsapp_business_for_android | >= unspecified < 2.22.16.2 | 2.22.16.2 |
| meta | whatsapp_business_for_ios | >= unspecified < v2.22.15.9 | v2.22.15.9 |
| meta | whatsapp_for_android | >= unspecified < 2.22.16.2 | 2.22.16.2 |
| meta | whatsapp_for_ios | >= unspecified < v2.22.15.9 | v2.22.15.9 |
| < 2.22.15.9 | 2.22.15.9 | ||
| < 2.22.16.2 | 2.22.16.2 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Qualys
Automatically Discover, Patch, and Remediate WhatsApp Vulnerabilities Using Qualys VMDR Mobile
blogs_qualys·2022-10-03·CVSS 7.8
CVE-2022-36934 [HIGH] Automatically Discover, Patch, and Remediate WhatsApp Vulnerabilities Using Qualys VMDR Mobile
## Table of Contents
WhatsApp Remote Code Execution (RCE) Vulnerabilities
Identification of Assets with WhatsApp Vulnerabilities using Qualys VMDR Mobile
Discover WhatsApp Vulnerabilities CVE-2022-36934 & CVE-2022-27492
Patch and Remediate WhatsApp Vulnerabilities CVE-2022-36934 & CVE-2022-27492
Get Started Now with Qualys VMDR Mobile
WhatsApp has recently fixed critical and high-severity vulnerabilities affecting WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, and WhatsApp Business for iOS. Exploiting these vulnerabilities would be the first step of an attacker installing any malware on the device. In 2019 for example, the Israeli spyware maker NSO Group exploited an audio calling flaw to inject the Pegasus spyware.
## WhatsApp Remote Code Execution (RCE) Vul
Qualys
Automatically Discover and Remediate WhatsApp Vulnerabilities Using VMDR Mobile | Qualys
blogs_qualys·2022-10-03·CVSS 7.8
CVE-2022-36934 [HIGH] Automatically Discover and Remediate WhatsApp Vulnerabilities Using VMDR Mobile | Qualys
#### Table of Contents
- WhatsApp Remote Code Execution (RCE) Vulnerabilities
- Identification of Assets with WhatsApp Vulnerabilities using Qualys VMDR Mobile
- Discover WhatsApp Vulnerabilities CVE-2022-36934 & CVE-2022-27492
- Patch and Remediate WhatsApp Vulnerabilities CVE-2022-36934 & CVE-2022-27492
- Get Started Now with Qualys VMDR Mobile
WhatsApp has recently fixed critical and high-severity vulnerabilities affecting WhatsApp for Android, WhatsApp Business for Android, WhatsApp for iOS, and WhatsApp Business for iOS. Exploiting these vulnerabilities would be the first step of an attacker installing any malware on the device. In 2019 for example, the Israeli spyware maker NSO Group exploited an audio calling flaw to inject the Pegasus spyware.
## WhatsApp Remote Code Execution (
2022-09-23
Published