Race Condition in WhatsApp Causes Heap Use-After-Free Issues
CVE-2023-38538

5MEDIUM

Key Information:

Vendor: Facebook
Status: WhatSAPp Desktop For Mac; WhatSAPp Desktop For Windows; WhatSAPp Business For iOS; WhatSAPp For iOS
Vendor: CVE Published:; 4 October 2023

What is CVE-2023-38538?

A race condition within the event subsystem of WhatsApp has been identified, leading to a heap use-after-free vulnerability during established audio and video calls. This issue could potentially allow for app termination or unexpected changes in control flow, albeit with a very low probability of occurrence. Users should be aware of this vulnerability and keep their applications updated to mitigate potential risks.

Affected Version(s)

WhatsApp Business for Android 0

WhatsApp Business for iOS 0

WhatsApp Desktop for Mac 0

References

https://www.whatsapp.com/security/advisories/2023/

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Jul 19, 2023

Facebook

What is CVE-2023-38538?

Affected Version(s)

References

CVSS V3.1

Timeline