Out-of-Bounds Write Vulnerability in WhatsApp Products
CVE-2021-24042

9.8CRITICAL

Key Information:

Vendor: Facebook
Status: WhatSAPp Desktop; WhatSAPp For KaiOS; WhatSAPp Business For iOS; WhatSAPp For iOS
Vendor: CVE Published:; 4 January 2022

What is CVE-2021-24042?

Certain versions of WhatsApp products are susceptible to an out-of-bounds write vulnerability that can be triggered during 1:1 calls with malicious actors. This flaw affects several platforms, including WhatsApp for Android, iOS, KaiOS, and Desktop, prior to their respective secure updates. Users are encouraged to update their applications to mitigate risk.

Affected Version(s)

WhatsApp Business for Android < unspecified

WhatsApp Business for iOS < unspecified

WhatsApp Desktop < unspecified

References

https://www.whatsapp.com/security/advisories/2021/

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 4, 2022
Vulnerability Reserved
Jan 13, 2021

Facebook

What is CVE-2021-24042?

Affected Version(s)

References

CVSS V3.1

Timeline