CVE-2023-38537 — Race Condition in Whatsapp Business FOR Android

CWE-362 — Race Condition CWE-366 — Race Condition within a Thread3 documents3 sources

Severity

5.6MEDIUMNVD

EPSS

0.1%

top 70.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp Business FOR Android Facebook Whatsapp Business FOR IOS Facebook Whatsapp Desktop FOR MAC +4 more

Timeline

PublishedOct 4

Description

A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages7 packages

▶NVDwhatsapp/whatsapp< 2.2338.12

▶CVEListV5facebook/whatsapp_for_ios< 2.23.10.77

▶CVEListV5facebook/whatsapp_for_android< 2.23.10.77

▶CVEListV5facebook/whatsapp_desktop_for_mac< 2.2338.12

▶CVEListV5facebook/whatsapp_business_for_ios< 2.23.10.77

🔴Vulnerability Details

CVEList

CVE-2023-38537: A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that coul↗2023-10-04

▶

GHSA

GHSA-5crw-452c-5358: A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that coul↗2023-10-04

▶