CVSS: 9.8EPSS: 46%CPEs: 6EXPL: 0CVE-2019-3568 – WhatsApp VOIP Stack Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-3568
14 May 2019 — A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15. Una vulnerabilidad de desbordamiento de búfer en la pila VOIP de WhatsApp... • http://www.securityfocus.com/bid/108329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-3566
https://notcve.org/view.php?id=CVE-2019-3566
10 May 2019 — A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38. Se descubrió un error en la lógica de mensajería de WhatsApp para ... • https://www.facebook.com/security/advisories/cve-2019-3566 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-6344
https://notcve.org/view.php?id=CVE-2018-6344
31 Dec 2018 — A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172. Una corrupción basada en memoria (heap) en WhatsApp puede deberse a un paquete RTP mal formado que se envía tras el establecimiento de una llamada. Esta vulnerabilidad puede utilizarse para provocar una de... • http://www.securityfocus.com/bid/106365 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8769 – WhatsApp Failure to Delete
https://notcve.org/view.php?id=CVE-2017-8769
18 May 2017 — Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion to occur upon chat deletion, or who expect encryption (consistent with the application's use of an encrypted database to store chat text). NOTE: the vendor reportedly indicates that they do not "consider these to be security issues" because a user may legi... • http://www.securityfocus.com/bid/100906 • CWE-311: Missing Encryption of Sensitive Data •