Buffer Overflow in WhatsApp for Android Affects Multiple Versions
CVE-2020-1906

7.8HIGH

Key Information:

Vendor: Facebook
Status: WhatSAPp For Android; WhatSAPp Business For Android
Vendor: CVE Published:; 6 October 2020

What is CVE-2020-1906?

A buffer overflow vulnerability found in WhatsApp for Android can lead to an out-of-bounds write when the application processes malformed local videos that contain E-AC-3 audio streams. This issue affects both WhatsApp and WhatsApp Business apps for Android, specifically versions released prior to 2.20.130 and 2.20.46, respectively. It is crucial for users to update to the latest versions to safeguard against potential exploitation.

Affected Version(s)

WhatsApp Business for Android 2.20.46

WhatsApp Business for Android < 2.20.46

WhatsApp for Android 2.20.130

References

https://www.whatsapp.com/security/advisories/2020/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2020
Vulnerability Reserved
Dec 2, 2019

Facebook

What is CVE-2020-1906?

Affected Version(s)

References

CVSS V3.1

Timeline