Race Condition Vulnerability in WhatsApp's Network Transport Subsystem
CVE-2023-38537

5.6 MEDIUM

What is CVE-2023-38537?

A race condition in WhatsApp's network transport subsystem leads to a heap use-after-free vulnerability. The issue manifests during established or unsilenced incoming audio and video calls and can result in unexpected control flow or app termination. Although the likelihood of exploitation is very low, the risk warrants attention from users and administrators, who should ensure the latest security measures are implemented.

Affected Version(s)

WhatsApp Business for Android 0

WhatsApp Business for iOS 0

WhatsApp Desktop for Mac 0

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
