Heap Corruption in WhatsApp Affects Multiple Platforms
CVE-2018-6344

7.5HIGH

Key Information:

Vendor: Facebook
Status: WhatSAPp For Android; WhatSAPp For iOS; WhatSAPp For Windows Phone
Vendor: CVE Published:; 31 December 2018

What is CVE-2018-6344?

A vulnerability in WhatsApp allows for heap corruption due to malformed RTP packets being sent after a call has been established. This issue can lead to service disruptions, impacting user experience across various platforms. Users are encouraged to update to the latest versions of WhatsApp to mitigate this vulnerability.

Affected Version(s)

WhatsApp for Android 2.18.293

WhatsApp for Android < 2.18.293

WhatsApp for iOS 2.18.93

References

https://googleprojectzero.blogspot.com/2018/12/adventures...

x_refsource_MISC

http://www.securityfocus.com/bid/106365

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2018
Vulnerability Reserved
Jan 26, 2018

Facebook

What is CVE-2018-6344?

Affected Version(s)

References

CVSS V3.1

Timeline