CVE-2022-27492Integer Underflow (Wrap or Wraparound) in Whatsapp Business FOR Android

CWE-191Integer Underflow (Wrap or Wraparound)5 documents4 sources
Severity
7.8HIGHNVD
EPSS
3.6%
top 12.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Meta Whatsapp Business FOR AndroidMeta Whatsapp Business FOR IOSMeta Whatsapp FOR Android+2 more
Timeline
PublishedSep 23
Latest updateOct 3

Description

An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

NVDwhatsapp/whatsapp< 2.22.15.9+1
CVEListV5meta/whatsapp_for_iosunspecifiedv2.22.15.9
CVEListV5meta/whatsapp_for_androidunspecified2.22.16.2
CVEListV5meta/whatsapp_business_for_iosunspecifiedv2.22.15.9
CVEListV5meta/whatsapp_business_for_androidunspecified2.22.16.2

🔴Vulnerability Details

2
GHSA
GHSA-98r4-4f3j-q239: An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file2022-09-25
CVEList
CVE-2022-27492: An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file2022-09-23

🕵️Threat Intelligence

2
Qualys
Automatically Discover, Patch, and Remediate WhatsApp Vulnerabilities Using Qualys VMDR Mobile2022-10-03
Qualys
Automatically Discover and Remediate WhatsApp Vulnerabilities Using VMDR Mobile | Qualys2022-10-03
CVE-2022-27492 — Integer Underflow (Wrap or Wraparound) | cvebase