CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6339
https://notcve.org/view.php?id=CVE-2018-6339
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150. Cuando se reciben llamadas con WhatsApp en Android, en la asignación de pila no se considera adecuadamente la cantidad de datos que están pasando. • https://www.facebook.com/security/advisories/cve-2018-6339 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 2%CPEs: 6EXPL: 0CVE-2019-3568 – WhatsApp VOIP Stack Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2019-3568
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15. Una vulnerabilidad de desbordamiento de búfer en la pila VOIP de WhatsApp permitió la ejecución remota de código a través de una serie de paquetes RTCP especialmente diseñados que se enviaron a un número de teléfono de destino. El problema afecta a WhatsApp para Android anterior a v2.19.134, WhatsApp Business para Android anterior a v2.19.44, WhatsApp para iOS anterior a v2.19.51, WhatsApp Business para iOS anterior a v2.19.51, WhatsApp para Windows Phone antes de v2.18.348 , y WhatsApp para Tizen antes de v2.18.15. A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. • http://www.securityfocus.com/bid/108329 https://www.facebook.com/security/advisories/cve-2019-3568 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-6344
https://notcve.org/view.php?id=CVE-2018-6344
A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used to cause denial of service. It affects WhatsApp for Android prior to v2.18.293, WhatsApp for iOS prior to v2.18.93, and WhatsApp for Windows Phone prior to v2.18.172. Una corrupción basada en memoria (heap) en WhatsApp puede deberse a un paquete RTP mal formado que se envía tras el establecimiento de una llamada. Esta vulnerabilidad puede utilizarse para provocar una denegación de servicio. • http://www.securityfocus.com/bid/106365 https://googleprojectzero.blogspot.com/2018/12/adventures-in-video-conferencing-part-3.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •