Denial of Service Vulnerability in WhatsApp for iOS
CVE-2020-1903

5.5MEDIUM

Key Information:

Vendor: Facebook
Status: WhatSAPp For iOS; WhatSAPp Business For iOS
Vendor: CVE Published:; 6 October 2020

What is CVE-2020-1903?

A vulnerability was identified in WhatsApp for iOS that allows an attacker to potentially cause an out-of-memory condition by exploiting the improper handling of docx, pptx, and xlsx document files. This can lead to a denial of service situation where the application becomes unresponsive. The issue affects versions of the app prior to v2.20.61 and requires user interaction to trigger, as the recipient must open the malicious attachment sent from an unknown contact.

Affected Version(s)

WhatsApp Business for iOS 2.20.61

WhatsApp Business for iOS < 2.20.61

WhatsApp for iOS 2.20.61

References

https://www.whatsapp.com/security/advisories/2020/

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2020
Vulnerability Reserved
Dec 2, 2019

Facebook

What is CVE-2020-1903?

Affected Version(s)

References

CVSS V3.1

Timeline