CVE-2022-36934: Heap-based Buffer Overflow in WhatsApp Business for Android

Severity
9.8 CRITICAL (NVD)
CISA: 7.8
EPSS: 12.7% (top 5.99%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 22
Latest update: Oct 3

Description

An integer overflow in WhatsApp could result in remote code execution in an established video call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (6 packages)

NVD | whatsapp/whatsapp | < 2.22.16.12
CVEListV5 | meta/whatsapp_for_ios | unspecified | 2.22.16.12
CVEListV5 | meta/whatsapp_for_android | unspecified | 2.22.16.12
NVD | whatsapp/whatsapp_business | < 2.22.16.12
CVEListV5 | meta/whatsapp_business_for_ios | unspecified | 2.22.16.12

🔴 Vulnerability Details (2)

GHSA | GHSA-h9c4-pjqq-xffc: An integer overflow in WhatsApp could result in remote code execution in an established video call | 2022-09-23
CVEList | CVE-2022-36934: An integer overflow in WhatsApp could result in remote code execution in an established video call | 2022-09-22

💥 Exploits & PoCs (1)

Nuclei | MOVEit Transfer - SQL Injection

📋 Vendor Advisories (1)

CISA | Microsoft Windows SAM Local Privilege Escalation Vulnerability | 2022-02-10

🕵️ Threat Intelligence (2)

Qualys | Automatically Discover, Patch, and Remediate WhatsApp Vulnerabilities Using Qualys VMDR Mobile | 2022-10-03
Qualys | Automatically Discover and Remediate WhatsApp Vulnerabilities Using VMDR Mobile | Qualys | 2022-10-03
CVE-2022-36934 — Heap-based Buffer Overflow | cvebase