CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20655
https://notcve.org/view.php?id=CVE-2018-20655
14 Jun 2019 — When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24. Cuando se reciben llamadas con WhatsApp para iOS, una falta de comprobación de tamaño al analizar un paquete proporcionado por el remitente permite un desbordamiento basado en la pila. Este problema afecta a WhatsApp para iOS anterior a versión v2.18.90.24 y What... • http://www.securityfocus.com/bid/108805 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6349
https://notcve.org/view.php?id=CVE-2018-6349
14 Jun 2019 — When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132. Al recibir llamadas usando WhatsApp para Android, una falta de comprobación de tamaño cuando se analizan un paquete proporcionado por el remitente permite un desbordamiento basado en la pila. Este problema afecta a WhatsApp para Android anterior a versión 2... • http://www.securityfocus.com/bid/108804 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6350
https://notcve.org/view.php?id=CVE-2018-6350
14 Jun 2019 — An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224. Fue posible una lectura fuera de límites en WhatsApp debido a un análisis incorrecto de los encabezados de extensión RTP. Este problema afecta a WhatsApp para Android anter... • http://www.securityfocus.com/bid/108803 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 49%CPEs: 6EXPL: 0CVE-2019-3568 – WhatsApp VOIP Stack Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-3568
14 May 2019 — A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15. Una vulnerabilidad de desbordamiento de búfer en la pila VOIP de WhatsApp... • http://www.securityfocus.com/bid/108329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3566
https://notcve.org/view.php?id=CVE-2019-3566
10 May 2019 — A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38. Se descubrió un error en la lógica de mensajería de WhatsApp para ... • https://www.facebook.com/security/advisories/cve-2019-3566 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-6344
https://notcve.org/view.php?id=CVE-2018-6344
31 Dec 2018 — A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172. Una corrupción basada en memoria (heap) en WhatsApp puede deberse a un paquete RTP mal formado que se envía tras el establecimiento de una llamada. Esta vulnerabilidad puede utilizarse para provocar una de... • http://www.securityfocus.com/bid/106365 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8769 – WhatsApp Failure to Delete
https://notcve.org/view.php?id=CVE-2017-8769
18 May 2017 — Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legi... • http://www.securityfocus.com/bid/100906 • CWE-311: Missing Encryption of Sensitive Data •