Vulnerability CVE-2019-3568


Published: 2019-05-14

Description:
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Whatsapp
Product: Whatsapp 
Version:
2.8.7
2.8.6
2.8.4
2.8.3
2.8.2
2.8.1
2.6.9
2.6.7
2.6.6
2.6.5
2.6.4
2.6.10
2.2.5
2.18.93
2.17.7
2.17.5
2.17.4
2.17.3
2.17.2
2.17.1
2.16.9
2.16.8
2.16.7
2.16.6
2.16.5
2.16.4
2.16.3
2.16.20
2.16.2
2.16.19
2.16.18
2.16.17
2.16.16
2.16.15
2.16.14
2.16.13
2.16.12
2.16.11
2.16.10
2.16.1
2.12.9
2.12.8
2.12.7
2.12.6
2.12.4
2.12.3
2.12.2
2.12.17
2.12.16
2.12.15
2.12.14
2.12.13
2.12.12
2.12.11
2.12.10
2.12.1
2.11.9
2.11.8
2.11.7
2.11.6
2.11.5
2.11.4
2.11.3
2.11.16
2.11.15
2.11.14
2.11.12
2.11.11
2.10.2
2.10.1

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/108329
https://www.facebook.com/security/advisories/cve-2019-3568

Copyright 2019, cxsecurity.com

 

Back to Top