Stack-based Overflow in WhatsApp for iOS Product by Facebook
CVE-2018-20655

9.8CRITICAL

Key Information:

Vendor: Facebook
Status: WhatSAPp For iOS; WhatSAPp Business For iOS
Vendor: CVE Published:; 14 June 2019

What is CVE-2018-20655?

A vulnerability in WhatsApp for iOS allows attackers to exploit a stack-based overflow due to a missing size check when parsing packets from a sender. This security flaw could potentially be triggered when users receive calls, affecting both regular and business versions of the app prior to version 2.18.90.24.

Affected Version(s)

WhatsApp Business for iOS 2.18.90.24

WhatsApp Business for iOS < 2.18.90.24

WhatsApp for iOS 2.18.90.24

References

https://www.facebook.com/security/advisories/cve-2018-20655/

x_refsource_MISC

http://www.securityfocus.com/bid/108805

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2019
Vulnerability Reserved
Jan 2, 2019