Out-of-Bounds Write Vulnerability in WhatsApp and WhatsApp Business
CVE-2021-24026

9.8CRITICAL

Key Information:

Vendor: Facebook
Status: WhatSAPp Business For iOS; WhatSAPp For iOS; WhatSAPp Business For Android; WhatSAPp For Android
Vendor: CVE Published:; 6 April 2021

What is CVE-2021-24026?

A missing bounds check in the audio decoding pipeline for WhatsApp calls could allow for an out-of-bounds write. This potentially enables attackers to manipulate memory, leading to unforeseen behaviors in the application. The vulnerability affects both WhatsApp and WhatsApp Business on Android and iOS platforms prior to the specified updates. Users are advised to update their applications to mitigate associated risks.

Affected Version(s)

WhatsApp Business for Android < unspecified

WhatsApp Business for iOS < unspecified

WhatsApp for Android < unspecified

References

https://www.whatsapp.com/security/advisories/2021/

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 6, 2021
Vulnerability Reserved
Jan 13, 2021

Facebook

What is CVE-2021-24026?

Affected Version(s)

References

CVSS V3.1

Timeline