CVE-2023-38538 — Race Condition in Whatsapp Business FOR Android

CWE-362 — Race Condition CWE-366 — Race Condition within a Thread3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.1%

top 74.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp Business FOR Android Facebook Whatsapp Business FOR IOS Facebook Whatsapp Desktop FOR MAC +4 more

Timeline

PublishedOct 4

Description

A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.4

Affected Packages7 packages

▶NVDwhatsapp/whatsapp< 2.2320.2

▶CVEListV5facebook/whatsapp_for_ios< 2.23.10.77

▶CVEListV5facebook/whatsapp_for_android< 2.23.10.77

▶CVEListV5facebook/whatsapp_desktop_for_mac< 2.2338.12

▶CVEListV5facebook/whatsapp_business_for_ios< 2.23.10.77

🔴Vulnerability Details

GHSA

GHSA-hr72-3p79-rchw: A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination↗2023-10-04

▶

CVEList

CVE-2023-38538: A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination↗2023-10-04

▶